Debian Security Advisory DSA 2631-1 (squid3 - denial of service)

Summary
Squid3, a fully featured Web proxy cache, is prone to a denial of service attack due to memory consumption caused by memory leaks in cachemgr.cgi: CVE-2012-5643 squid's cachemgr.cgi was vulnerable to excessive resource use. A remote attacker could exploit this flaw to perform a denial of service attack on the server and other hosted services. CVE-2013-0189The original patch for CVE-2012-5643 was incomplete. A remote attacker still could exploit this flaw to perform a denial of service attack.
Solution
For the stable distribution (squeeze), these problems have been fixed in version 3.1.6-1.2+squeeze3. For the testing distribution (wheezy), these problems have been fixed in version 3.1.20-2.1. For the unstable distribution (sid), these problems have been fixed in version 3.1.20-2.1. We recommend that you upgrade your squid3 packages.
Insight
Squid is a high-performance proxy caching server for web clients, supporting FTP, gopher, and HTTP data objects.
Affected
squid3 on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References