The issue is caused by a bug in the HTTP Basic authentication handler. It allows a buffer overflow to be triggered by passing specially crafted credentials when accessing the Squid Cache Manager or the built-in FTP gateway. The vulnerability has been present since the release of Squid 4.0.23. As a workaround, you can rebuild Squid with the "--disable-auth-basic" option or disable access to the services that use HTTP authentication in the configuration:
acl FTP proto FTP
http_access deny FTP
http_access deny manager
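
Squid evaluates http_access rules in order and stops at the first match, so the deny lines above only help if they sit ahead of any allow rule. The following check is an added example, not part of the original article or of Squid itself; the function names and sample configurations are constructed for illustration, and it assumes "manager" is Squid's built-in ACL, as in the snippet above.

```python
# Added example: audit a squid.conf for the workaround described above.
# Sample configurations below are constructed, not taken from a real host.
HARDENED = """\
acl FTP proto FTP
http_access deny FTP
http_access deny manager
http_access allow localhost
http_access deny all
"""

DEFAULT_LIKE = """\
http_access allow localhost manager   # allow rule is matched first
http_access deny manager
http_access allow localhost
http_access deny all
"""

def audit_workaround(conf_text):
    """Report whether FTP and manager access are denied before any allow rule."""
    ftp_acls = set()                      # names of ACLs defined as 'proto FTP'
    blocked = {"ftp": False, "manager": False}
    allow_seen = False
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(fields) >= 4 and fields[0] == "acl" and fields[2] == "proto":
            if "FTP" in (value.upper() for value in fields[3:]):
                ftp_acls.add(fields[1])
        elif len(fields) >= 3 and fields[0] == "http_access":
            action, acls = fields[1], fields[2:]
            if action == "allow":
                # Conservative: any earlier allow may match first.
                allow_seen = True
            elif action == "deny" and len(acls) == 1 and not allow_seen:
                if acls[0] == "manager":
                    blocked["manager"] = True
                elif acls[0] in ftp_acls:
                    blocked["ftp"] = True
    return blocked

def built_without_basic_auth(squid_v_output):
    """Check the configure options printed by 'squid -v' for the rebuild workaround."""
    return "--disable-auth-basic" in squid_v_output

if __name__ == "__main__":
    print("hardened:", audit_workaround(HARDENED))
    print("default-like:", audit_workaround(DEFAULT_LIKE))
```

The check is deliberately conservative: a deny that follows any allow rule is reported as not effective, even if that allow rule would not match the request in practice.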
The other three vulnerabilities could lead to a denial of service when manipulating cachemgr.cgi, HTTP Digest authentication, or HTTP Basic authentication. The remaining vulnerability allows cross-site scripting through cachemgr.cgi.
Source: opennet.ru