CLSA-2026:1774874340

[CLSA-2026:1774874340] squid: Fix of 3 CVEs

Type:

security

Severity:

Low

Release date:

2026-03-30 12:39:04 UTC

Description:

- CVE-2026-33526: fix heap use-after-free due to double rfc1738_escape in ICP error handling
- CVE-2026-33515: fix validation of ICP packet sizes and URLs to prevent out-of-bounds reads
- CVE-2026-32748: fix HttpRequest use-after-free in ICP v3 query handling

Updated packages:

squid-3.5.20-17.0.5.el7_9.99.tuxcare.els4.x86_64.rpm
sha:33f8d7dce8a873a91abec9c536b7e681b830745d80c35a516626e066c84615b8
squid-migration-script-3.5.20-17.0.5.el7_9.99.tuxcare.els4.x86_64.rpm
sha:0027b5f3c2aa91bc0534f6045d68c6a71094a71bcbab0e4ecb7627ad2c3b1755
squid-sysvinit-3.5.20-17.0.5.el7_9.99.tuxcare.els4.x86_64.rpm
sha:7252a2609f27b25cde87fb305e929aede1bf1bfc80490367c1adc4e694aea46c

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.