A heap-based buffer overflow was found in the way squid processed certain Uniform Resource Names (URNs). A remote attacker could use this flaw to cause Squid to crash or execute arbitrary code with the permissions of the user running Squid.
The following mitigation is suggested by upstream:
Deny urn: protocol URI being proxied to all clients:
acl URN proto URN
http_access deny URN