The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h. (CVE-2016-2570)

Upstream Debian package version 3.1.20-2.2+deb7u4 fixes this issue:
* http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response. (CVE-2016-2571)

Upstream Debian package version 3.1.20-2.2+deb7u5 fixes these issues:
* CVE-2016-4051: Buffer overflow in cachemgr.cgi.
* CVE-2016-4052: Multiple stack-based buffer overflows by wrongly handling Edge Side Includes (ESI) responses.
* CVE-2016-4053: Public information disclosure of the server stack layout when processing ESI responses.
* CVE-2016-4054: Remote code execution when processing ESI responses.
* CVE-2016-4554: Header Smuggling issue in HTTP Request processing.
* CVE-2016-4555 and CVE-2016-4556: Denial of Service when processing
Advisory: squid3.yaml
OK: DEBIAN_FRONTEND=noninteractive apt-get install --reinstall squid3
OK: automatic tests: ucs-test -E dangerous -s proxy
OK: advisory
<http://errata.software-univention.de/ucs/4.1/346.html>