CLSA-2026-1775734284
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1775734284.json
- JSON Data
- https://api.osv.dev/v1/vulns/CLSA-2026-1775734284
- Upstream
- Published
- 2026-04-09T11:31:29Z
- Modified
- 2026-06-04T09:47:32.345979631Z
- Summary
- Fix CVE(s): CVE-2026-32748, CVE-2026-33526
- Details
-
- SECURITY UPDATE: denial of service via use-after-free in ICP
- debian/patches/CVE-2026-33526.patch: remove duplicate rfc1738_escape call in icpGetRequest that invalidated the previously escaped URL pointer
- CVE-2026-33526
- SECURITY UPDATE: denial of service via use-after-free in ICP
request handling
- debian/patches/CVE-2026-32748.patch: return HttpRequestPointer and move icpAccessAllowed into icpGetRequest to fix HttpRequest lifetime for ICP v3 queries
- CVE-2026-32748
- SECURITY UPDATE: denial of service via use-after-free in ICP
- References
Affected packages
TuxCare:Ubuntu:20.04 / squid
Package
- Name
- squid
- Purl
- pkg:deb/tuxcare/squid?distro=ubuntu-20.04
TuxCare:Ubuntu:20.04 / squid-cgi
Package
- Name
- squid-cgi
- Purl
- pkg:deb/tuxcare/squid-cgi?distro=ubuntu-20.04
TuxCare:Ubuntu:20.04 / squid-common
Package
- Name
- squid-common
- Purl
- pkg:deb/tuxcare/squid-common?distro=ubuntu-20.04
TuxCare:Ubuntu:20.04 / squid-purge
Package
- Name
- squid-purge
- Purl
- pkg:deb/tuxcare/squid-purge?distro=ubuntu-20.04