Rob Middleton

**Name of the Vulnerable Software and Affected Versions** Squid versions 3.0 through 3.0.STABLE16 Squid versions 3.1 through 3.1.0.11 **Description** The issue allows remote attackers to cause a denial of service via malformed requests, including missing or mismatched protocol identifiers, missing or negative status values, missing versions, or missing or invalid status numbers. This is related to the HttpMsg.cc and HttpReply.cc components. **Recommendations** For Squid versions 3.0 through 3.0.STABLE16, update to a version later than 3.0.STABLE16 to resolve the issue. For Squid versions 3.1 through 3.1.0.11, update to a version later than 3.1.0.11 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** OpenSSH in Apple Mac OS X version 10.4.7 **Description** The issue allows remote attackers to cause a denial of service or determine account existence by attempting to log in using an invalid user, which causes the server to hang. **Recommendations** For OpenSSH in Apple Mac OS X version 10.4.7, consider updating to a newer version that addresses this issue.