Release date:
2026-03-30 13:32:32 UTC
Description:
- CVE-2026-33526: fix heap use-after-free due to double rfc1738_escape in ICP error handling
- CVE-2026-33515: fix validation of ICP packet sizes and URLs to prevent out-of-bounds reads
- CVE-2026-32748: fix HttpRequest use-after-free in ICP v3 query handling
Updated packages:
-
squid-3.5.20-17.0.5.el7_9.99.tuxcare.els4.x86_64.rpm
sha:dcde70f7f75c8e6c5236abd5f7094e6b9c1c030eef944d9a02f3b159837b11e6
-
squid-migration-script-3.5.20-17.0.5.el7_9.99.tuxcare.els4.x86_64.rpm
sha:34a2baa3e3f0af4eaa8339463fbc532f9d2c5ebd812cbeefc9f6270c5663ae9f
-
squid-sysvinit-3.5.20-17.0.5.el7_9.99.tuxcare.els4.x86_64.rpm
sha:e0145b12177722f7c6c40451e99b17c11c3f6e9b8f4e7c11a29c0322ea94a463
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
