Release date:
2026-05-22 15:03:17 UTC
Description:
* SECURITY UPDATE: out-of-bounds read when handling malformed ICP traffic
- debian/patches/CVE-2026-33515.patch: validate ICP packet sizes and
URLs in icpGetUrl(); reject non-NUL-terminated URLs, URLs with
embedded NULs or trailing garbage; guard icpHandleUdp() against a
nil icpOutgoingConn pointer
- CVE-2026-33515
Updated packages:
-
squid_4.10-1ubuntu1.13+tuxcare.els4_amd64.deb
sha:60a8a1292dc71cd95e254218ccdf86558b5dc36d
-
squid-cgi_4.10-1ubuntu1.13+tuxcare.els4_amd64.deb
sha:682665238635c19451dad968f200f096672087b7
-
squid-common_4.10-1ubuntu1.13+tuxcare.els4_all.deb
sha:e9fc2884861e58907305d92d5bf76d8bee6602c4
-
squid-purge_4.10-1ubuntu1.13+tuxcare.els4_amd64.deb
sha:d8f8f9b6eb629a8606405da1f9f9f6374167f3d9
-
squidclient_4.10-1ubuntu1.13+tuxcare.els4_amd64.deb
sha:c2d28616271e69c6867f4146cf0cb3a0e9650e11
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
