Univention Bugzilla – Bug 34298
squid3: Denial of service (3.1)
Last modified: 2014-06-02 08:18:44 CEST
CVE-2014-0128 Squid provides a feature to transparently decrypt/analyse SSL/TLS traffuic (called SSL bumping). This feature is susceptible by denial of service through malformed HTTPS requests. The affected feature isn't enabled in the templates in univention-squid.
The maintenance with bug and security fixes for UCS 3.1-x has ended on 31st of May 2014. The maintenance of the UCS 3.x major series is continued by UCS 3.2-x that is supplied with bug and security fixes. Customers still on UCS 3.1-x are encouraged to update to UCS 3.2. Please contact your partner or Univention for any questions.