[El-errata] ELSA-2026-8317 Important: Oracle Linux 8 squid:4 security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Sun Apr 19 16:34:06 UTC 2026
Oracle Linux Security Advisory ELSA-2026-8317
http://linux.oracle.com/errata/ELSA-2026-8317.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
libecap-1.0.1-2.module+el8.9.0+90083+f7556140.x86_64.rpm
libecap-devel-1.0.1-2.module+el8.9.0+90083+f7556140.x86_64.rpm
squid-4.15-10.module+el8.10.0+90877+04e4d7e0.11.x86_64.rpm
aarch64:
libecap-1.0.1-2.module+el8.9.0+90083+f7556140.aarch64.rpm
libecap-devel-1.0.1-2.module+el8.9.0+90083+f7556140.aarch64.rpm
squid-4.15-10.module+el8.10.0+90877+04e4d7e0.11.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/libecap-1.0.1-2.module+el8.9.0+90083+f7556140.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/squid-4.15-10.module+el8.10.0+90877+04e4d7e0.11.src.rpm
Related CVEs:
CVE-2026-32748
CVE-2026-33526
Description of changes:
libecap
[1.0.1-2]
- Resolves: #1695587 - Ensure modular RPM upgrade path
[1.0.1-1]
- new version 1.0.1
- autoconf.h moved from lookaside to dist-git
[1.0.0-7]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
[1.0.0-6]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
[1.0.0-5]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
[1.0.0-4]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
[1.0.0-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
[1.0.0-2]
- Rebuilt for GCC 5 C++11 ABI change
[1.0.0-1]
- new version 1.0.0
[0.2.0-10]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
squid
[7:4.15-10.11]
- Fix patch for CVE-2026-32748
- Resolves: RHEL-160675
[7:4.15-10.10]
- Resolves: RHEL-160675 - squid:4/squid: Squid: Denial of Service
via crafted ICP traffic (CVE-2026-32748)
- Resolves: RHEL-160674 - squid:4/squid: Squid: Denial of Service
via heap Use-After-Free vulnerability in ICP handling (CVE-2026-33526)
[7:4.15-10.9]
- Resolves: RHEL-122484 - squid: Squid vulnerable to information disclosure via
authentication credential leakage in error handling (CVE-2025-62168)
[7:4.15-10.6]
- Resolves: RHEL-84420 - A squid child process causes a memory reference error
and the squid service terminates abnormally
[7:4.15-10.5]
- Resolves: RHEL-66120 - squid caches DNS entries despite having TTL set to 0
[7:4.15-10.4]
- Resolves: RHEL-67870 - Remove gopher mention from spec file
[7:4.15-10.3]
- Resolves: RHEL-22593 - CVE-2024-23638 squid:4/squid: vulnerable to
a Denial of Service attack against Cache Manager error responses
[7:4.15-10.2]
- Disable ESI support
- Resolves: RHEL-65075 - CVE-2024-45802 squid:4/squid: Denial of Service
processing ESI response content
[7:4.15-10.1]
- Resolves: RHEL-56024 - (Regression) Transfer-encoding:chunked data is not sent
to the client in its complementary
[7:4.15-10]
- Resolves: RHEL-28529 - squid:4/squid: Denial of Service in HTTP Chunked
Decoding (CVE-2024-25111)
- Resolves: RHEL-26088 - squid:4/squid: denial of service in HTTP header
parser (CVE-2024-25617)
More information about the El-errata
mailing list