This problem allows a remote attacker to consume all memory
available to the Squid process, causing it to crash.
In environments where per-process memory restrictions are not
enforced strictly, or configured to large values this may also
affect other processes operating on the same machine. Leading to
a much worse denial of service situation.
This problem is limited to Squid built with SNMP support and
receiving SNMP traffic.
For reporting of security sensitive bugs send an email to the
[hidden email] mailing list. It's a closed
list (though anyone can post) and security related bug reports
are treated in confidence until the impact has been established.
2018-10-23 06:15:46 UTC Initial Report
2018-10-23 21:42:58 UTC Patch Released
2018-10-27 21:19:00 UTC Packages Released
squid-announce mailing list
[hidden email] http://lists.squid-cache.org/listinfo/squid-announce