squid3 security update
This update fixes the following security issue:
- 727492: Invalid free by processing CNAME (CVE-2011-4096)
This update also fixes the following non-security issue:
- 737905: installation creates empty spurious file "/1"
-
Submitted by
Adrian Schröter (adrianSuSE)
- Version 5582
Fixed bugs
bnc#727492
VUL-0: Squid v3.1.16 -- Invalid free by processing CNAME
bnc#737905
squid3 installation creates empty spurious file "/1"
CVE#CVE-2011-4096
The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empt
