Release date:
2026-03-31 08:46:19 UTC
Description:
- CVE-2026-33526: fix heap use-after-free due to double rfc1738_escape in ICP error handling
- CVE-2026-33515: fix validation of ICP packet sizes and URLs to prevent out-of-bounds reads
- CVE-2026-32748: fix HttpRequest use-after-free in ICP v3 query handling
Updated packages:
-
squid-3.5.20-17.0.5.el7_9.99.tuxcare.els4.x86_64.rpm
sha:ea2b2ffc4c29da8ebaa17ff77b982006d2259b3581aa89bd709ae17077f554eb
-
squid-migration-script-3.5.20-17.0.5.el7_9.99.tuxcare.els4.x86_64.rpm
sha:050a6ac7c4faddf994997455d5ebeca18e3b1651bd49de370c9e5afb37041ca1
-
squid-sysvinit-3.5.20-17.0.5.el7_9.99.tuxcare.els4.x86_64.rpm
sha:b511cc239e0af8c8f43489d128ee4d2b02a3d7b815984e520b5dab95a18e4304
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
