CVE-2009-0478

Publication date 8 February 2009

Last updated 24 July 2024

Ubuntu priority

Description

Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c.

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
squid	11.10 oneiric	Not affected
	11.04 natty	Not affected
	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Fixed 2.7.STABLE3-1ubuntu2.1
	8.04 LTS hardy	Not affected
	7.10 gutsy	Not affected
	6.06 LTS dapper	Not affected
squid3	11.10 oneiric	Not affected
	11.04 natty	Not affected
	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Ignored end of life, was needed
	8.04 LTS hardy	Ignored end of life
	7.10 gutsy	Ignored end of life, was needed
	6.06 LTS dapper	Not in release

Notes

jdstrand

2.6 and lower not affected

References

Related Ubuntu Security Notices (USN)

USN-724-1
Squid vulnerability
25 February 2009

Other references

https://www.cve.org/CVERecord?id=CVE-2009-0478