rpms/squid
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix patch for CVE-2026-32748

Browse Source 
Resolves: RHEL-160675
This commit is contained in:
Tomas Korbar 2026-04-08 11:22:35 +02:00
parent df165bd9a4
commit efc51767d6
2 changed files with 25 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
squid-4.15-CVE-2026-32748.patch
View File

@ -1,4 +1,4 @@
commit 0d9d86c3f2a79b2913edf2f5ed03ff3792c876ea
commit 5a9d42417ff63a20c5a7736323aef5117999d555
Author: Tomas Korbar <tkorbar@redhat.com>
Date: Tue Apr 7 16:22:05 2026 +0200
@ -30,7 +30,7 @@ index a45455b..aa3ab57 100644
/// \ingroup ServerProtocolICPAPI
PF icpHandleUdp;
diff --git a/src/icp_v2.cc b/src/icp_v2.cc
index eb63899..c167a5d 100644
index eb63899..4f6a8fd 100644
--- a/src/icp_v2.cc
+++ b/src/icp_v2.cc
@@ -394,7 +394,7 @@ icpCreateAndSend(icp_opcode opcode, int flags, char const *url, int reqnum, int
@ -83,7 +83,7 @@ index eb63899..c167a5d 100644
+ return request;
+ }
+
+ icpCreateAndSend(ICP_ERR, 0, url, reqnum, 0, fd, from, nullptr);
+ icpCreateAndSend(ICP_ERR, 0, url, reqnum, 0, fd, from);
+ return nullptr;
}
@ -152,6 +152,23 @@ index 5dd6709..b48f7d8 100644
state->fd = fd;
state->from = from;
state->url = xstrdup(url);
diff --git a/src/store_key_md5.h b/src/store_key_md5.h
index dffaad7..3e9bd42 100644
--- a/src/store_key_md5.h
+++ b/src/store_key_md5.h
@@ -12,11 +12,9 @@
#define SQUID_STORE_KEY_MD5_H_
#include "hash.h"
+#include "http/forward.h"
#include "store/forward.h"
-class HttpRequestMethod;
-class HttpRequest;
-
typedef enum {
ksDefault = 0,
ksRevalidation
diff --git a/src/tests/stub_icp.cc b/src/tests/stub_icp.cc
index 9c0f60f..4429ccb 100644
--- a/src/tests/stub_icp.cc

6
squid.spec
View File

@ -2,7 +2,7 @@
Name: squid
Version: 4.15
Release: 10%{?dist}.10
Release: 10%{?dist}.11
Summary: The Squid proxy caching server
Epoch: 7
# See CREDITS for breakdown of non GPLv2+ code
@ -384,6 +384,10 @@ fi
%changelog
* Wed Apr 08 2026 Tomas Korbar <tkorbar@redhat.com> - 7:4.15-10.11
- Fix patch for CVE-2026-32748
- Resolves: RHEL-160675
* Tue Apr 07 2026 Tomas Korbar <tkorbar@redhat.com> - 7:4.15-10.10
- Resolves: RHEL-160675 - squid:4/squid: Squid: Denial of Service
via crafted ICP traffic (CVE-2026-32748)