Synopsis:
squid security update
Summary:
An update for squid is now available for openEuler-24.03-LTS-SP1
Description:
Squid is a high-performance proxy caching server. It handles all requests in a single, non-blocking, I/O-driven process, keeps metadata, and implements negative caching of failed requests.
Security Fix(es):
Squid is a widely used proxy caching server. Due to premature release of resources and heap Use-After-Free bugs during the handling of ICP (Internet Cache Protocol) traffic, Squid is vulnerable to Denial of Service. A remote attacker can cause the Squid service to crash by sending specially crafted ICP requests to a Squid instance with ICP support enabled, resulting in a reliable and repeatable Denial of Service attack. This vulnerability only affects Squid deployments that explicitly enable ICP support (i.e., configure a non-zero icp_port). It is important to note that this problem cannot be mitigated by denying ICP queries using icp_access rules. (CVE-2026-32748)
Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to out of bounds read when handling ICP traffic. This problem allows a remote attacker to receive small amounts of memory potentially containing sensitive information when responding with errors to invalid ICP requests. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero icp_port). This problem cannot be mitigated by denying ICP queries using icp_access rules. Version 7.5 contains a patch. (CVE-2026-33515)
Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero...
Version: 6.6-8.oe2403sp1
Exploitability:
9.2 / CVSS:3.1/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
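A defender-side check for the exposure condition the advisory names (a non-zero icp_port), as an added example that is not part of the advisory or of Squid. It assumes ICP is off when icp_port is absent, that the last icp_port line wins, and that '#' starts a comment; the function names and the sample configuration are constructed for illustration.

```python
import sys
from pathlib import Path

# Constructed sample squid.conf (not taken from the advisory).
SAMPLE_CONF = """\
http_port 3128
# icp_port 0
icp_port 3130   # sibling cache queries
acl peers src 192.0.2.0/24
icp_access allow peers
icp_access deny all
"""

def directives(conf_text):
    """Yield (name, args) for every non-comment line of a squid.conf."""
    for raw in conf_text.splitlines():
        # Assumption: '#' starts a comment anywhere on the line.
        parts = raw.split("#", 1)[0].split()
        if parts:
            yield parts[0], parts[1:]

def icp_exposure(conf_text):
    """Report whether ICP is enabled, i.e. icp_port is non-zero."""
    port = 0          # assumption: ICP stays off when icp_port is absent
    deny_rules = 0
    for name, args in directives(conf_text):
        if name == "icp_port" and args and args[0].isdigit():
            port = int(args[0])   # assumption: the last icp_port line wins
        elif name == "icp_access" and args and args[0] == "deny":
            deny_rules += 1
    # Deny rules are counted only to flag them: the advisory says they do not mitigate.
    return {"icp_port": port, "exposed": port != 0,
            "icp_access_deny_rules": deny_rules}

def main(argv):
    # Checks the squid.conf path given as argument, else the constructed sample.
    text = Path(argv[1]).read_text() if len(argv) > 1 else SAMPLE_CONF
    result = icp_exposure(text)
    if result["exposed"]:
        print(f"ICP enabled on UDP port {result['icp_port']}: update squid or set icp_port 0")
        if result["icp_access_deny_rules"]:
            print("note: icp_access deny rules are not a mitigation")
    else:
        print("ICP disabled (icp_port is 0 or unset)")
    return 1 if result["exposed"] else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The script exits non-zero when ICP is enabled, so it can gate a configuration audit or a patch-priority report.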