[squid-users] [squid-announce] Squid 3.5.16 is available
squid3 at treenet.co.nz
Sat Apr 2 08:26:14 UTC 2016
The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-3.5.16 release!
This release is a security and bug fix release resolving several
vulnerabilities and issues found in the prior Squid releases.
The major changes to be aware of:
* SQUID-2016:4 - Denial of Service issue in HTTP Response processing
This is another of the bugs left unfixed by the SQUID-2016:2 patches.
The visible symptom is assertions about:
"String.cc:*: 'len_ + len <65536'"
There is an attack in the wild for this one, but not as widely as for
the previous issues.
* SQUID-2016:3 - Buffer overrun issue in pinger ICMPv6 processing.
This bug shows up as pinger crashing with Icmp6::Recv errors. This may
affect Squid HTTP routing decisions. In some configurations, sub-optimal
routing decisions may result in serious service degradation or even
All previous Squid-3 releases are affected by both these issues. See the
advisory for further details. Upgrade or patching should be considered a
* pinger: drop capabilities on Linux
On Linux, it is now possible to install pinger helper with only
CAP_NET_RAW permissions raised instead of full setuid-root:
(setcap cap_net_raw+ep /path/to/pinger &&
chmod u-s /path/to/pinger) || :
Other operating systems without libcap capabilities features are not
affected by this change.
* Bug #4447: FwdState.cc:447 "serverConnection() == conn" assertion
This rather cripling bug appears after the CVE-2016-2569 patch. It
turned out to be a race condition closing connections and has now been
All users of Squid-3 or older are urged to upgrade to this release as
soon as possible.
See the ChangeLog for the full list of changes in this and earlier
Please refer to the release notes at
when you are ready to make the switch to Squid-3.5
"squid -k parse" is starting to display even more
useful hints about squid.conf changes.
This new release can be downloaded from our HTTP or FTP servers
or the mirrors. For a list of mirror sites see
If you encounter any issues with this release please file a bug report.
squid-announce mailing list
squid-announce at lists.squid-cache.org
More information about the squid-users