Bug 22869

Summary: CVE-2010-0308: squid DoS in DNS handling
Product: Sisyphus Reporter: Dmitry V. Levin <ldv>
Component: squidAssignee: Alexey Shabalin <shaba>
Status: CLOSED FIXED QA Contact: qa-sisyphus
Severity: blocker    
Priority: P3 CC: egori, erthad, rider, shaba
Version: unstableKeywords: security
Hardware: all   
OS: Linux   
URL: http://www.squid-cache.org/Advisories/SQUID-2010_1.txt

Description Dmitry V. Levin 2010-02-02 00:24:38 MSK 
Squid upstream has released updated versions fixing DoS when processing specially crafted DNS packets.

The bug allows any trusted client or external server who can determine the squid receiving port to perform a short-term denial of service attack on the Squid service.
Comment 1 Grigory Batalov 2010-02-03 00:34:37 MSK 
The package needs a new maintainer.
Comment 2 Vitaly Kuznetsov 2010-10-21 12:14:03 MSD 
fixed long ago