squid-5.5-22.el9_7.4
Errata ID: AXSA:2026-387:02
Release date:
2026/04/02 Thursday - 17:36
Title:
squid-5.5-22.el9_7.4
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
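The following issues have been addressed.
[Security Fix]
- Squid contains a use-after-free memory issue, resulting in a
vulnerability that allows a remote attacker to cause a denial of
service (DoS). (CVE-2026-32748)
- Squid contains a use-after-free memory issue, resulting in a
vulnerability that allows a remote attacker to cause a denial of service.
(CVE-2026-33526)
Solution:
Update the packages.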
CVE:
CVE-2026-32748
Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem _cannot_ be mitigated by denying ICP queries using `icp_access` rules. This bug is fixed in Squid version 7.5.
CVE-2026-33526
Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem _cannot_ be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch.
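Both CVE descriptions limit exposure to deployments with a non-zero `icp_port` and state that `icp_access` rules do not help. The following check for that condition is an added example, not part of the original advisory or of Squid itself; the function names and sample files are constructed, and it assumes the last `icp_port` directive wins, that an unset directive means ICP is disabled, and that files pulled in with `include` are not followed.

```shell
#!/bin/sh
# Added example: decide whether a squid.conf enables ICP (non-zero icp_port).
# Assumptions: the last icp_port directive wins, an unset directive means
# ICP is disabled, and files referenced by "include" are not followed.

# Print the effective ICP port for the given config file (0 = disabled).
effective_icp_port() {
    awk '
        /^[[:space:]]*#/ { next }                    # skip comment lines
        $1 == "icp_port" && NF >= 2 { port = $2 }    # remember the latest value
        END { print (port == "" ? 0 : port + 0) }
    ' "$1"
}

# Exit status 0 when ICP is enabled, i.e. the configuration the CVEs apply to.
icp_enabled() {
    [ "$(effective_icp_port "$1")" -ne 0 ]
}

# Constructed sample configurations (not taken from any real deployment).
demo_dir=$(mktemp -d)
printf '%s\n' 'http_port 3128' '# icp_port 3130' > "$demo_dir/off.conf"
# icp_access deny rules are present here on purpose: per the advisory they
# do not mitigate the issue, so this file still counts as exposed.
printf '%s\n' 'http_port 3128' 'icp_port 3130' 'icp_access deny all' > "$demo_dir/on.conf"
printf '%s\n' 'icp_port 3130' 'icp_port 0' > "$demo_dir/override.conf"

for f in off on override; do
    if icp_enabled "$demo_dir/$f.conf"; then
        echo "$f.conf: ICP enabled on port $(effective_icp_port "$demo_dir/$f.conf"); update the squid package"
    else
        echo "$f.conf: ICP disabled"
    fi
done
```

On a real host, point `icp_enabled` at the Squid configuration file (commonly `/etc/squid/squid.conf`) and compare the output of `rpm -q squid` with the fixed package `squid-5.5-22.el9_7.4`.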
Additional information:
N/A
Downloads:
SRPMS
- squid-5.5-22.el9_7.4.src.rpm
MD5: 1fa3ef3d709e7ef34e16ddebce467987
SHA-256: c8b5ce9488c2690c7d4fb05628bb88b44e29fa4f808a4b6582f3b1a33a1f3557
Size: 2.68 MB
Asianux Server 9 for x86_64
- squid-5.5-22.el9_7.4.x86_64.rpm
MD5: 941ff871d6576009ee1626757ba264bb
SHA-256: 20a611fbdd7590ef2891cb8987094317d33f09e0082d403459e628e4f25bf6a3
Size: 3.80 MB