Summary
The remote host is missing an update to squid
announced via advisory DSA 1482-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201482-1
Insight
It was discovered that malformed cache update replies against the Squid WWW proxy cache could lead to the exhaustion of system memory, resulting in potential denial of service.
For the stable distribution (etch), this problem has been fixed in version 2.6.5-6etch1.
For the old stable distribution (sarge), the update cannot currently be processed on the buildd security network due to a bug in the archive management script. This will be resolved soon. An update for i386 is temporarily available at at http://people.debian.org/~jmm/squid/.
We recommend that you upgrade your squid packages.
Severity
Classification
-
CVE CVE-2007-6239 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities