Squid: Multiple vulnerabilities Multiple vulnerabilities have been found in Squid, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition. squid November 27, 2014 November 27, 2014: 1 504176 522498 remote 3.3.13-r1 3.3.13-r1

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more.

An assertion failure in processing of SSL-Bump has been found in Squid. Heap based overflow is discovered when processing SNMP requests.

A remote attacker could send a specially crafted request, possibly resulting in a executing of arbitrary code or Denial of Service condition.

There is no known workaround at this time.

All Squid users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-proxy/squid-3.3.13-r1" CVE-2014-0128 CVE-2014-7141 CVE-2014-7142 keytoaster Zlogene