CVE-2008-1612

Publication date 1 April 2008

Last updated 24 July 2024


Ubuntu priority

The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239.

Status

Package Ubuntu Release Status
squid 7.10 gutsy
Fixed 2.6.14-1ubuntu2.2
7.04 feisty
Fixed 2.6.5-4ubuntu2.2
6.10 edgy
Fixed 2.6.1-3ubuntu1.7
6.06 LTS dapper
Fixed 2.5.12-4ubuntu2.4

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
squid

References

Related Ubuntu Security Notices (USN)

    • USN-601-1
    • Squid vulnerability
    • 14 April 2008

Other references