[squid-users] assertion failed: String.cc:174: "len_ + len < 65536"

Amos Jeffries squid3 at treenet.co.nz
Tue Feb 23 17:07:17 UTC 2016


On 24/02/2016 5:37 a.m., William Lima wrote:
> Hi all,
>
> It's easy to make a DoS. The reply (and cause) of the problem of the
mentioned link:
>

William; Please do not do that again. The squid-bugs mailing list is for
(private) discussion of security related issues like attack PoC. This
attack vector (and several others) were already known and intended to be
under embargo until the end of day today.


Our devs receiving the security bugs list have been made aware of the
vulnerability some days ago and been working hard at a fix all week. The
problem does go a long way beyond this simple attack and it can take a
while to check that the fix is complete and working.

Luckily I am already working through the release process for 4.0 and
3.5. The formal tarballs will be available in 2-6 hrs. And the advisory
and release announcements later today.

Amos



More information about the squid-users mailing list