CVE-2008-1612

Publication date 1 April 2008

Last updated 24 July 2024

Ubuntu priority

The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
squid	7.10 gutsy	Fixed 2.6.14-1ubuntu2.2
	7.04 feisty	Fixed 2.6.5-4ubuntu2.2
	6.10 edgy	Fixed 2.6.1-3ubuntu1.7
	6.06 LTS dapper	Fixed 2.5.12-4ubuntu2.4

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
squid	Other: http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-601-1
Squid vulnerability
14 April 2008

Other references

https://www.cve.org/CVERecord?id=CVE-2008-1612