This Important security update addresses two Denial of Service vulnerabilities (CVE-2026-32748 and CVE-2026-33526, CVSS 7.5 HIGH) in the Squid proxy cache, both triggered by crafted ICP traffic, with one involving a heap Use-After-Free condition. The NVD data indicates these affect all Squid versions prior to 7.5. The fix is to upgrade Squid to version 7.5.
Red Hat Product Errata RHSA-2026:10255 - Security Advisory Issued: 2026-04-23 Updated: 2026-04-23 RHSA-2026:10255 - Security Advisory Overview Updated Packages Synopsis Important: squid security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for squid is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects. Security Fix(es): squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling (CVE-2026-33526) Squid: Squid: Denial of Service via crafted ICP traffic (CVE-2026-32748) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64 Red Hat Enterprise Linux Server - AUS 9.4 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x Fixes BZ - 2451574 - CVE-2026-33526 squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling BZ - 2451577 - CVE-2026-32748 Squid: Squid: Denial of Service via crafted ICP traffic CVEs CVE-2026-32748 CVE-2026-33526 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 SRPM squid-5.5-13.el9_4.5.src.rpm SHA-256: 76b71fd10ee6786de65fa4c8cae020e78f9a29e8a99de62f8dd835c1fabc3fed x86_64 squid-5.5-13.el9_4.5.x86_64.rpm SHA-256: 1b46c8d768f72b3309e0065b083c240db6a2974278966e117db138538722bdd6 squid-debuginfo-5.5-13.el9_4.5.x86_64.rpm SHA-256: 0a5ddce3576189f6626affc568ad0bf3c19e6414f308b245ffc820643a07aa2b squid-debugsource-5.5-13.el9_4.5.x86_64.rpm SHA-256: 634d0d3aa10bbc3d45f622fc81da40a452973c3d25b34214be50b9dc0e8be229 Red Hat Enterprise Linux Server - AUS 9.4 SRPM squid-5.5-13.el9_4.5.src.rpm SHA-256: 76b71fd10ee6786de65fa4c8cae020e78f9a29e8a99de62f8dd835c1fabc3fed x86_64 squid-5.5-13.el9_4.5.x86_64.rpm SHA-256: 1b46c8d768f72b3309e0065b083c240db6a2974278966e117db138538722bdd6 squid-debuginfo-5.5-13.el9_4.5.x86_64.rpm SHA-256: 0a5ddce3576189f6626affc568ad0bf3c19e6414f308b245ffc820643a07aa2b squid-debugsource-5.5-13.el9_4.5.x86_64.rpm SHA-256: 634d0d3aa10bbc3d45f622fc81da40a452973c3d25b34214be50b9dc0e8be229 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 SRPM squid-5.5-13.el9_4.5.src.rpm SHA-256: 76b71fd10ee6786de65fa4c8cae020e78f9a29e8a99de62f8dd835c1fabc3fed s390x squid-5.5-13.el9_4.5.s390x.rpm SHA-256: ce8a45a01d123f99915d3a303044918ab11c116ddc8778f4578941b744ae071c squid-debuginfo-5.5-13.el9_4.5.s390x.rpm SHA-256: c24b6a316d22d8b57afd43f7beaa1888fe11807c91216b607b4ea1be537debb5 squid-debugsource-5.5-13.el9_4.5.s390x.rpm SHA-256: 73ba17948d156e6aa317815e0ba46fc91a96486f5d5d9124cb6aae9a55e2cd28 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 SRPM squid-5.5-13.el9_4.5.src.rpm SHA-256: 76b71fd10ee6786de65fa4c8cae020e78f9a29e8a99de62f8dd835c1fabc3fed ppc64le squid-5.5-13.el9_4.5.ppc64le.rpm SHA-256: 662cc4971cba72a2dd1cfe86e516ca86a198a607bda31e567be053dbc03bec08 squid-debuginfo-5.5-13.el9_4.5.ppc64le.rpm SHA-256: 47de4b2473a6ecabb5adbad77ba6b3fedadece648143c124b5c8b8d4a1484185 squid-debugsource-5.5-13.el9_4.5.ppc64le.rpm SHA-256: 780bb91e671633060062c5063e0a343db1cd2e7e77e144d052c2902311541323 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 SRPM squid-5.5-13.el9_4.5.src.rpm SHA-256: 76b71fd10ee6786de65fa4c8cae020e78f9a29e8a99de62f8dd835c1fabc3fed aarch64 squid-5.5-13.el9_4.5.aarch64.rpm SHA-256: cd2d85509a5d23d0b96f8b99daf6b8a81d59784779b725ed8802c78ac1aa9b43 squid-debuginfo-5.5-13.el9_4.5.aarch64.rpm SHA-256: 45d4f2a1c62323acfd7e39908395c58c0a7a195fafb8198b742aad69fc4edbd6 squid-debugsource-5.5-13.el9_4.5.aarch64.rpm SHA-256: 6d43a74ac60d7b2cce4e69a5bebead5e41b31d33944871b0d314f7759bb3b788 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 SRPM squid-5.5-13.el9_4.5.src.rpm SHA-256: 76b71fd10ee6786de65fa4c8cae020e78f9a29e8a99de62f8dd835c1fabc3fed ppc64le squid-5.5-13.el9_4.5.ppc64le.rpm SHA-256: 662cc4971cba72a2dd1cfe86e516ca86a198a607bda31e567be053dbc03bec08 squid-debuginfo-5.5-13.el9_4.5.ppc64le.rpm SHA-256: 47de4b2473a6ecabb5adbad77ba6b3fedadece648143c124b5c8b8d4a1484185 squid-debugsource-5.5-13.el9_4.5.ppc64le.rpm SHA-256: 780bb91e671633060062c5063e0a343db1cd2e7e77e144d052c2902311541323 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 SRPM squid-5.5-13.el9_4.5.src.rpm SHA-256: 76b71fd10ee6786de65fa4c8cae020e78f9a29e8a99de62f8dd835c1fabc3fed x86_64 squid-5.5-13.el9_4.5.x86_64.rpm SHA-256: 1b46c8d768f72b3309e0065b083c240db6a2974278966e117db138538722bdd6 squid-debuginfo-5.5-13.el9_4.5.x86_64.rpm SHA-256: 0a5ddce3576189f6626affc568ad0bf3c19e6414f308b245ffc820643a07aa2b squid-debugsource-5.5-13.el9_4.5.x86_64.rpm SHA-256: 634d0d3aa10bbc3d45f622fc81da40a452973c3d25b34214be50b9dc0e8be229 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 SRPM squid-5.5-13.el9_4.5.src.rpm SHA-256: 76b71fd10ee6786de65fa4c8cae020e78f9a29e8a99de62f8dd835c1fabc3fed aarch64 squid-5.5-13.el9_4.5.aarch64.rpm SHA-256: cd2d85509a5d23d0b96f8b99daf6b8a81d59784779b725ed8802c78ac1aa9b43 squid-debuginfo-5.5-13.el9_4.5.aarch64.rpm SHA-256: 45d4f2a1c62323acfd7e39908395c58c0a7a195fafb8198b742aad69fc4edbd6 squid-debugsource-5.5-13.el9_4.5.aarch64.rpm SHA-256: 6d43a74ac60d7b2cce4e69a5bebead5e41b31d33944871b0d314f7759bb3b788 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 SRPM squid-5.5-13.el9_4.5.src.rpm SHA-256: 76b71fd10ee6786de65fa4c8cae020e78f9a29e8a99de62f8dd835c1fabc3fed s390x squid-5.5-13.el9_4.5.s390x.rpm SHA-256: ce8a45a01d123f99915d3a303044918ab11c116ddc8778f4578941b744ae071c squid-debuginfo-5.5-13.el9_4.5.s390x.rpm SHA-256: c24b6a316d22d8b57afd43f7beaa1888fe11807c91216b607b4ea1be537debb5 squid-debugsource-5.5-13.el9_4.5.s390x.rpm SHA-256: 73ba17948d156e6aa317815e0ba46fc91a96486f5d5d9124cb6aae9a55e2cd28 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 SRPM squid-5.5-13.el9_4.5.src.rpm SHA-256: 76b71fd10ee6786de65fa4c8cae020e78f9a29e8a99de62f8dd835c1fabc3fed x86_64 squid-5.5-13.el9_4.5.x86_64.rpm SHA-256: 1b46c8d768f72b3309e0065b083c240db6a2974278966e117db138538722bdd6 squid-debuginfo-5.5-13.el9_4.5.x86_64.rpm SHA-256: 0a5ddce3576189f6626affc568ad0bf3c19e6414f308b245ffc820643a07aa2b squid-debugsource-5.5-13.el9_4.5.x86_64.rpm SHA-256: 634d0d3aa10bbc3d45f622fc81da40a452973c3d25b34214be50b9dc0e8be229 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 SRPM squid-5.5-13.el9_4.5.src.rpm SHA-256: 76b71fd10ee6786de65fa4c8cae020e78f9a29e8a99de62f8dd835c1fabc3fed aarch64 squid-5.5-13.el9_4.5.aarch64.rpm SHA-256: cd2d85509a5d23d0b96f8b99daf6b8a81d59784779b725ed8802c78ac1aa9b43 squid-debuginfo-5.5-13.el9_4.5.aarch64.rpm SHA-256: 45d4f2a1c62323acfd7e39908395c58c0a7a195fafb8198b742aad69fc4edbd6 squid-debugsource-5.5-13.el9_4.5.aarch64.rpm SHA-256: 6d43a74ac60d7b2cce4e69a5bebead5e41b31d33944871b0d314f7759bb3b788 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 SRPM squid-5.5-13.el9_4.5.src.rpm SHA-256: 76b71fd10ee6786de65fa4c8cae020e78f9a29e8a99de62f8dd835c1fabc3fed ppc64le squid-5.5-13.el9_4.5.ppc64le.rpm SHA-256: 662cc4971cba72a2dd1cfe86e516ca86a198a607bda31e567be053dbc03bec08 squid-debuginfo-5.5-13.el9_4.5.ppc64le.rpm SHA-256: 47de4b2473a6ecabb5adbad77ba6b3fedadece648143c124b5c8b8d4a1484185 squid-debugsource-5.5-13.el9_4.5.ppc64le.rpm SHA-256: 780bb91e671633060062c5063e0a343db1cd2e7e77e144d052c2902311541323 Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 SRPM squid-5.5-13.el9_4.5.src.rpm SHA-256: 76b71fd10ee6786de65fa4c8cae020e78f9a29e8a99de62f8dd835c1fabc3fed s390x squid-5.5-13.el9_4.5.s390x.rpm SHA-256: ce8a45a01d123f99915d3a303044918ab11c116ddc8778f4578941b744ae071c squid-debuginfo-5.5-13.el9_4.5.s390x.rpm SHA-256: c24b6a316d22d8b57afd43f7beaa1888fe11807c91216b607b4ea1be537debb5 squid-debugsource-5.5-13.el9_4.5.s390x.rpm SHA-256: 73ba17948d156e6aa317815e0ba46fc91a96486f5d5d9124cb6aae9a55e2cd28 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .