The cache update reply processing functionality in Squid 2.x before 2.6.STABLE17, and Squid 3.0, allows remote attackers to cause a denial of service via unknown vectors related to HTTP headers. The updated package fixes this issue.