RLSA-2026:6301

Synopsis

Important: squid security update

Description

Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects.

Security Fix(es):

* squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling (CVE-2026-33526)

* Squid: Squid: Denial of Service via crafted ICP traffic (CVE-2026-32748)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

Rocky Linux 9 aarch64 Rocky Linux 9 ppc64le Rocky Linux 9 s390x Rocky Linux 9 x86_64

Fixes

2451574 2451577

CVEs

CVE-2026-32748 CVE-2026-33526

Affected packages

Rocky Linux 9 aarch64 - AppStream

squid-7:5.5-22.el9_7.4.aarch64.rpm squid-7:5.5-22.el9_7.4.src.rpm squid-debuginfo-7:5.5-22.el9_7.4.aarch64.rpm squid-debugsource-7:5.5-22.el9_7.4.aarch64.rpm

Rocky Linux 9 ppc64le - AppStream

squid-7:5.5-22.el9_7.4.ppc64le.rpm squid-7:5.5-22.el9_7.4.src.rpm squid-debuginfo-7:5.5-22.el9_7.4.ppc64le.rpm squid-debugsource-7:5.5-22.el9_7.4.ppc64le.rpm

Rocky Linux 9 s390x - AppStream

squid-7:5.5-22.el9_7.4.s390x.rpm squid-7:5.5-22.el9_7.4.src.rpm squid-debuginfo-7:5.5-22.el9_7.4.s390x.rpm squid-debugsource-7:5.5-22.el9_7.4.s390x.rpm

Rocky Linux 9 x86_64 - AppStream

squid-7:5.5-22.el9_7.4.src.rpm squid-7:5.5-22.el9_7.4.x86_64.rpm squid-debuginfo-7:5.5-22.el9_7.4.x86_64.rpm squid-debugsource-7:5.5-22.el9_7.4.x86_64.rpm