Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 519
Alerts This Week
Warning Icon 1 519

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 349 articles for you...
87

Debian Squid Significant Information Exposure Service Disruption DSA-6360-1

Multiple security issues were discovered in the Squid proxy caching server, which could result in information disclosure or denial of service. For the stable distribution (trixie), these problems have been fixed in version 6.13-2+deb13u2. We recommend that you upgrade your squid packages.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6360-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff June 21, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : squid CVE ID : CVE-2026-33515 CVE-2026-33526 CVE-2026-47729 CVE-2026-50012 Multiple security issues were discovered in the Squid proxy caching server, which could result in information disclosure or denial of service. For the stable distribution (trixie), these problems have been fixed in version 6.13-2+deb13u2. We recommend that you upgrade your squid packages. For the detailed security status of squid please refer to its security tracker page at: https://security-tracker.debian.org/tracker/squid Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Critical updates for Squid in Debian address multiple issues, including information disclosure and denial of service threats.. Debian Security Advisory, Squid Update, Information Disclosure. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 21, 2026 Critical Debian
172

Ubuntu Squid Important DoS Buffer Overflow Vulnerabilities USN-8435-1

Several security issues were fixed in Squid.. ========================================================================== Ubuntu Security Notice USN-8435-1 June 16, 2026 squid vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in Squid. Software Description: - squid: Web proxy cache server Details: It was discovered that Squid incorrectly handled FTP gateway processing under certain circumstances, which could result in an out-of-bounds read. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2026-47729) It was discovered that Squid incorrectly handled cache digest processing under certain circumstances, which could result in a heap-based buffer overflow. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-50012) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS squid 7.2-2ubuntu2.2 Ubuntu 25.10 squid 6.14-0ubuntu0.25.10.4 Ubuntu 24.04 LTS squid 6.14-0ubuntu0.24.04.4 Ubuntu 22.04 LTS squid 5.9-0ubuntu0.22.04.7 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8435-1 CVE-2026-47729, CVE-2026-50012 Package Information: https://launchpad.net/ubuntu/+source/squid/7.2-2ubuntu2.2 https://launchpad.net/ubuntu/+source/squid/6.14-0ubuntu0.25.10.4 https://launchpad.net/ubuntu/+source/squid/6.14-0ubuntu0.24.04.4 https://launchpad.net/ubuntu/+source/squid/5.9-0ubuntu0.22.04.7 . Several issues in Squid lead to potential denialof service and code execution in Ubuntu 22.04, 24.04, 25.10, and 26.04.. Squid security issues, Ubuntu advisory 8435-1, denial of service Squid, buffer overflow security. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 16, 2026 Important Ubuntu
217

Oracle Linux 7 squid Important Security Updates ELSA-2026-8880

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-8880 http://linux.oracle.com/errata/ELSA-2026-8880.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: squid-3.5.20-17.0.11.el7_9.13.x86_64.rpm squid-migration-script-3.5.20-17.0.11.el7_9.13.x86_64.rpm squid-sysvinit-3.5.20-17.0.11.el7_9.13.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/squid-3.5.20-17.0.11.el7_9.13.src.rpm Related CVEs: CVE-2026-32748 CVE-2026-33526 Description of changes: [7:3.5.20-17.0.11.13] - Security update for CVE-2026-32748 CVE-2026-33526 [Orabug: 39230173] [7:3.5.20-17.0.9.13] - Fixes CVE-2025-62168, squid: Squid vulnerable to information disclosure via - authentication credential leakage in error handling [Orabug: 38587551] [7:3.5.20-17.0.7.13] - Fixes CVE-2025-54574, add URN access disabling config options [Orabug: 38350105] [7:3.5.20-17.0.5.13] - Fixed cve 2023-46846 for http and icap request/response smuggling [Orabug: 37326730] _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux 7 updates include important security fixes for Squid addressing multiple vulnerabilities.. Oracle Linux Security Squid Fixes Information Leakage. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 20, 2026 Important Oracle
89

Fedora 43 Squid 7.5 Critical Update Denial of Service 2026-e6a4814a4d

new version 7.5 security update. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-e6a4814a4d 2026-05-06 16:45:18.195694+00:00 -------------------------------------------------------------------------------- Name : squid Product : Fedora 43 Version : 7.5 Release : 1.fc43 URL : http://www.squid-cache.org Summary : The Squid proxy caching server Description : Squid is a high-performance proxy caching server for Web clients, supporting FTP and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. -------------------------------------------------------------------------------- Update Information: new version 7.5 security update -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 27 2026 Lubo\u0161 Uhliarik - 7:7.5-1 - new version 7.5 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2431445 - squid-7.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2431445 [ 2 ] Bug #2451599 - CVE-2026-33526 squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2451599 [ 3 ] Bug #2451601 - CVE-2026-32748 squid: Squid: Denial of Service via crafted ICP traffic [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2451601 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnfupgrade --advisory FEDORA-2026-e6a4814a4d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Fedora 43 Squid 7.5 update resolves Critical security issues and Denial of Service risks.. Fedora Squid update security DoS. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 06, 2026 Critical Fedora
89

Fedora 44 Squid Security Advisory 2026-c0590bd498 CVE-2026-33526 DoS Issues

new version 7.5 security update. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-c0590bd498 2026-05-06 00:48:51.045777+00:00 -------------------------------------------------------------------------------- Name : squid Product : Fedora 44 Version : 7.5 Release : 1.fc44 URL : http://www.squid-cache.org Summary : The Squid proxy caching server Description : Squid is a high-performance proxy caching server for Web clients, supporting FTP and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. -------------------------------------------------------------------------------- Update Information: new version 7.5 security update -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 27 2026 Lubo\u0161 Uhliarik - 7:7.5-1 - new version 7.5 - Add tmpfiles.d rules for /var directories (bootc compatibility) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2431445 - squid-7.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2431445 [ 2 ] Bug #2451599 - CVE-2026-33526 squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2451599 [ 3 ] Bug #2451601 - CVE-2026-32748 squid: Squid: Denial of Service via crafted ICP traffic [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2451601 -------------------------------------------------------------------------------- Thisupdate can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-c0590bd498' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Security update for Fedora 44 Squid 7.5 includes fixes for critical Denial of Service vulnerabilities. Update recommended.. Fedora Squid Update, Security Advisory Fedore 44, Denial of Service Fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 06, 2026 Important Fedora
217

Oracle Linux 8 ELSA-2026-8317 Squid 4 Important Denial of Service

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-8317 http://linux.oracle.com/errata/ELSA-2026-8317.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: libecap-1.0.1-2.module+el8.9.0+90083+f7556140.x86_64.rpm libecap-devel-1.0.1-2.module+el8.9.0+90083+f7556140.x86_64.rpm squid-4.15-10.module+el8.10.0+90877+04e4d7e0.11.x86_64.rpm aarch64: libecap-1.0.1-2.module+el8.9.0+90083+f7556140.aarch64.rpm libecap-devel-1.0.1-2.module+el8.9.0+90083+f7556140.aarch64.rpm squid-4.15-10.module+el8.10.0+90877+04e4d7e0.11.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/libecap-1.0.1-2.module+el8.9.0+90083+f7556140.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/squid-4.15-10.module+el8.10.0+90877+04e4d7e0.11.src.rpm Related CVEs: CVE-2026-32748 CVE-2026-33526 Description of changes: libecap [1.0.1-2] - Resolves: #1695587 - Ensure modular RPM upgrade path [1.0.1-1] - new version 1.0.1 - autoconf.h moved from lookaside to dist-git [1.0.0-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [1.0.0-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [1.0.0-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [1.0.0-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [1.0.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [1.0.0-2] - Rebuilt for GCC 5 C++11 ABI change [1.0.0-1] - new version 1.0.0 [0.2.0-10] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild squid [7:4.15-10.11] - Fix patch for CVE-2026-32748 - Resolves: RHEL-160675 [7:4.15-10.10] - Resolves: RHEL-160675 - squid:4/squid: Squid: Denial of Service via crafted ICP traffic (CVE-2026-32748) - Resolves: RHEL-160674 - squid:4/squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling (CVE-2026-33526) [7:4.15-10.9] - Resolves:RHEL-122484 - squid: Squid vulnerable to information disclosure via authentication credential leakage in error handling (CVE-2025-62168) [7:4.15-10.6] - Resolves: RHEL-84420 - A squid child process causes a memory reference error and the squid service terminates abnormally [7:4.15-10.5] - Resolves: RHEL-66120 - squid caches DNS entries despite having TTL set to 0 [7:4.15-10.4] - Resolves: RHEL-67870 - Remove gopher mention from spec file [7:4.15-10.3] - Resolves: RHEL-22593 - CVE-2024-23638 squid:4/squid: vulnerable to a Denial of Service attack against Cache Manager error responses [7:4.15-10.2] - Disable ESI support - Resolves: RHEL-65075 - CVE-2024-45802 squid:4/squid: Denial of Service processing ESI response content [7:4.15-10.1] - Resolves: RHEL-56024 - (Regression) Transfer-encoding:chunked data is not sent to the client in its complementary [7:4.15-10] - Resolves: RHEL-28529 - squid:4/squid: Denial of Service in HTTP Chunked Decoding (CVE-2024-25111) - Resolves: RHEL-26088 - squid:4/squid: denial of service in HTTP header parser (CVE-2024-25617) _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Important security advisory for Oracle Linux 8 addressing Denial of Service issues in Squid with updates and resolutions.. Oracle Linux Security, Denial of Service Threat, Security Updates for Squid. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 19, 2026 Important Oracle
219

Rocky Linux 8 RLSA-2026-8324 httpd Significant Security Flaws Discovered

Important: squid:4 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:8317", "synopsis": "Important: squid:4 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for squid, libecap, module.libecap, module.squid.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects.\n\nSecurity Fix(es):\n\n* squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling (CVE-2026-33526)\n\n* Squid: Squid: Denial of Service via crafted ICP traffic (CVE-2026-32748)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2451574", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2451574", "description": ""}, {"ticket": "2451577", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2451577", "description": ""}], "cves": [{"name": "CVE-2026-32748", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-32748", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-826"}, {"name": "CVE-2026-33526", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-33526", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-825"}], "references": [], "publishedAt": "2026-04-16T00:01:17.370160Z", "rpms": {"Rocky Linux 8": {"nvras": ["libecap-0:1.0.1-2.module+el8.9.0+1437+df5ea8f0.aarch64.rpm", "libecap-0:1.0.1-2.module+el8.9.0+1437+df5ea8f0.src.rpm","libecap-0:1.0.1-2.module+el8.9.0+1437+df5ea8f0.x86_64.rpm", "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+1437+df5ea8f0.aarch64.rpm", "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+1437+df5ea8f0.x86_64.rpm", "libecap-debugsource-0:1.0.1-2.module+el8.9.0+1437+df5ea8f0.aarch64.rpm", "libecap-debugsource-0:1.0.1-2.module+el8.9.0+1437+df5ea8f0.x86_64.rpm", "libecap-devel-0:1.0.1-2.module+el8.9.0+1437+df5ea8f0.aarch64.rpm", "libecap-devel-0:1.0.1-2.module+el8.9.0+1437+df5ea8f0.x86_64.rpm", "squid-7:4.15-10.module+el8.10.0+2080+49064dbd.9.aarch64.rpm", "squid-7:4.15-10.module+el8.10.0+1758+80ba9f4b.aarch64.rpm", "squid-7:4.15-10.module+el8.10.0+1985+eaf982f0.6.aarch64.rpm", "squid-7:4.15-10.module+el8.10.0+1928+e8441768.5.aarch64.rpm", "squid-7:4.15-10.module+el8.10.0+1881+7e31fb44.1.aarch64.rpm", "squid-7:4.15-10.module+el8.10.0+1885+e30b7122.3.aarch64.rpm", "squid-7:4.15-10.module+el8.10.0+1928+e8441768.5.src.rpm", "squid-7:4.15-10.module+el8.10.0+1985+eaf982f0.6.src.rpm", "squid-7:4.15-10.module+el8.10.0+1885+e30b7122.3.src.rpm", "squid-7:4.15-10.module+el8.10.0+2080+49064dbd.9.src.rpm", "squid-7:4.15-10.module+el8.10.0+1758+80ba9f4b.src.rpm", "squid-7:4.15-10.module+el8.10.0+1881+7e31fb44.1.src.rpm", "squid-7:4.15-10.module+el8.10.0+1928+e8441768.5.x86_64.rpm", "squid-7:4.15-10.module+el8.10.0+1881+7e31fb44.1.x86_64.rpm", "squid-7:4.15-10.module+el8.10.0+1758+80ba9f4b.x86_64.rpm", "squid-7:4.15-10.module+el8.10.0+2080+49064dbd.9.x86_64.rpm", "squid-7:4.15-10.module+el8.10.0+1985+eaf982f0.6.x86_64.rpm", "squid-7:4.15-10.module+el8.10.0+1885+e30b7122.3.x86_64.rpm", "squid-debuginfo-7:4.15-10.module+el8.10.0+1985+eaf982f0.6.aarch64.rpm", "squid-debuginfo-7:4.15-10.module+el8.10.0+1885+e30b7122.3.aarch64.rpm", "squid-debuginfo-7:4.15-10.module+el8.10.0+2080+49064dbd.9.aarch64.rpm", "squid-debuginfo-7:4.15-10.module+el8.10.0+1928+e8441768.5.aarch64.rpm", "squid-debuginfo-7:4.15-10.module+el8.10.0+1881+7e31fb44.1.aarch64.rpm", "squid-debuginfo-7:4.15-10.module+el8.10.0+1758+80ba9f4b.aarch64.rpm","squid-debuginfo-7:4.15-10.module+el8.10.0+2080+49064dbd.9.x86_64.rpm", "squid-debuginfo-7:4.15-10.module+el8.10.0+1758+80ba9f4b.x86_64.rpm", "squid-debuginfo-7:4.15-10.module+el8.10.0+1985+eaf982f0.6.x86_64.rpm", "squid-debuginfo-7:4.15-10.module+el8.10.0+1881+7e31fb44.1.x86_64.rpm", "squid-debuginfo-7:4.15-10.module+el8.10.0+1885+e30b7122.3.x86_64.rpm", "squid-debuginfo-7:4.15-10.module+el8.10.0+1928+e8441768.5.x86_64.rpm", "squid-debugsource-7:4.15-10.module+el8.10.0+1928+e8441768.5.aarch64.rpm", "squid-debugsource-7:4.15-10.module+el8.10.0+1985+eaf982f0.6.aarch64.rpm", "squid-debugsource-7:4.15-10.module+el8.10.0+2080+49064dbd.9.aarch64.rpm", "squid-debugsource-7:4.15-10.module+el8.10.0+1758+80ba9f4b.aarch64.rpm", "squid-debugsource-7:4.15-10.module+el8.10.0+1881+7e31fb44.1.aarch64.rpm", "squid-debugsource-7:4.15-10.module+el8.10.0+1885+e30b7122.3.aarch64.rpm", "squid-debugsource-7:4.15-10.module+el8.10.0+1758+80ba9f4b.x86_64.rpm", "squid-debugsource-7:4.15-10.module+el8.10.0+1881+7e31fb44.1.x86_64.rpm", "squid-debugsource-7:4.15-10.module+el8.10.0+1985+eaf982f0.6.x86_64.rpm", "squid-debugsource-7:4.15-10.module+el8.10.0+2080+49064dbd.9.x86_64.rpm", "squid-debugsource-7:4.15-10.module+el8.10.0+1928+e8441768.5.x86_64.rpm", "squid-debugsource-7:4.15-10.module+el8.10.0+1885+e30b7122.3.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Important security update available for Squid in Rocky Linux addressing multiple denial of service issues.. squid update, Rocky Linux security, denial of service fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 16, 2026 Important Rocky Linux
219

Ubuntu 23 Apache Important Security Notification STSA-2027-9233

Important: squid security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:8119", "synopsis": "Important: squid security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for squid.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects.\n\nSecurity Fix(es):\n\n* squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling (CVE-2026-33526)\n\n* Squid: Squid: Denial of Service via crafted ICP traffic (CVE-2026-32748)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2451574", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2451574", "description": ""}, {"ticket": "2451577", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2451577", "description": ""}], "cves": [{"name": "CVE-2026-32748", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-32748", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-826"}, {"name": "CVE-2026-33526", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-33526", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-825"}], "references": [], "publishedAt": "2026-04-15T12:07:10.074197Z", "rpms": {"Rocky Linux 10": {"nvras": ["squid-debugsource-7:6.10-6.el10_1.3.aarch64.rpm", "squid-7:6.10-6.el10_1.3.x86_64.rpm", "squid-debuginfo-7:6.10-6.el10_1.3.s390x.rpm", "squid-debuginfo-7:6.10-6.el10_1.3.aarch64.rpm","squid-7:6.10-6.el10_1.3.ppc64le.rpm", "squid-debugsource-7:6.10-6.el10_1.3.ppc64le.rpm", "squid-7:6.10-6.el10_1.3.s390x.rpm", "squid-debugsource-7:6.10-6.el10_1.3.s390x.rpm", "squid-debuginfo-7:6.10-6.el10_1.3.x86_64.rpm", "squid-7:6.10-6.el10_1.3.src.rpm", "squid-debuginfo-7:6.10-6.el10_1.3.ppc64le.rpm", "squid-debugsource-7:6.10-6.el10_1.3.x86_64.rpm", "squid-7:6.10-6.el10_1.3.aarch64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Critical update for squid in Rocky Linux addresses Denial of Service vulnerabilities with multiple CVEs for web clients.. Rocky Linux security update, squid Denial of Service, CVE-2026-33526. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 15, 2026 Important Rocky Linux
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200