Release date:
2026-04-01 16:43:35 UTC
Description:
- CVE-2026-33526: fix heap use-after-free due to double rfc1738_escape in ICP error handling
- CVE-2026-33515: fix validation of ICP packet sizes and URLs to prevent out-of-bounds reads
- CVE-2026-32748: fix HttpRequest use-after-free in ICP v3 query handling
Updated packages:
-
squid-3.5.20-17.0.5.el7_9.99.tuxcare.els4.x86_64.rpm
sha:3fca7e945dab262868090a6e1943928e7858f19c23b6c64fbe79a75638563546
-
squid-migration-script-3.5.20-17.0.5.el7_9.99.tuxcare.els4.x86_64.rpm
sha:f43a0e93824b93714e603443c437dbc6e010a108fa272388ee806e184552a530
-
squid-sysvinit-3.5.20-17.0.5.el7_9.99.tuxcare.els4.x86_64.rpm
sha:d076e11ad908fa660198ca698c197eb75b49548a5427af1602277d79cf082f66
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
