{"schema_version":"1.7.2","id":"OESA-2026-2726","modified":"2026-06-24T13:12:55Z","published":"2026-06-24T13:12:55Z","upstream":["CVE-2026-47729","CVE-2026-50012"],"summary":"squid security update","details":"Squid is a high-performance proxy caching server. It handles all requests in a single, non-blocking, I/O-driven process and keeps meta data and implements negative caching of failed requests.\n\nSecurity Fix(es):\n\nHi all,\n\nCVE-2026-47729\n\nDue to an Improper Validation of Syntactic Correctness of Input bug, Squid is vulnerable to an Out-of-bounds Read attack against the FTP gateway.\n\nThis problem allows a trusted client to perform an Out-of-Bounds Read from random unrelated transactions when accessing a misbehaving FTP server through Squid's gateway feature.\n\nCVE-2026-50012\n\nDue to an Improper Input Validation bug, Squid is vulnerable to a Heap-based Buffer Overflow attack against cache digests.\n\nThis problem allows a trusted server to perform a Heap-based Buffer Overflow when sending maliciously crafted replies to cache_digest request messages.\n\nThis attack is limited to Squid instances that have been compiled with the --enable-cache-digests option.\n\nAmos Jeffries\nThe Squid Software Foundation",
"affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP4","name":"squid","purl":"pkg:rpm/openEuler/squid&distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.9-31.oe2203sp4"}]}],"ecosystem_specific":{"aarch64":["squid-4.9-31.oe2203sp4.aarch64.rpm","squid-debuginfo-4.9-31.oe2203sp4.aarch64.rpm","squid-debugsource-4.9-31.oe2203sp4.aarch64.rpm"],"src":["squid-4.9-31.oe2203sp4.src.rpm"],"x86_64":["squid-4.9-31.oe2203sp4.x86_64.rpm","squid-debuginfo-4.9-31.oe2203sp4.x86_64.rpm","squid-debugsource-4.9-31.oe2203sp4.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:24.03-LTS-SP1","name":"squid","purl":"pkg:rpm/openEuler/squid&distro=openEuler-24.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.6-9.oe2403sp1"}]}],"ecosystem_specific":{"aarch64":["squid-6.6-9.oe2403sp1.aarch64.rpm","squid-debuginfo-6.6-9.oe2403sp1.aarch64.rpm","squid-debugsource-6.6-9.oe2403sp1.aarch64.rpm"],"src":["squid-6.6-9.oe2403sp1.src.rpm"],"x86_64":["squid-6.6-9.oe2403sp1.x86_64.rpm","squid-debuginfo-6.6-9.oe2403sp1.x86_64.rpm","squid-debugsource-6.6-9.oe2403sp1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:24.03-LTS-SP3","name":"squid","purl":"pkg:rpm/openEuler/squid&distro=openEuler-24.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.6-9.oe2403sp3"}]}],"ecosystem_specific":{"aarch64":["squid-6.6-9.oe2403sp3.aarch64.rpm","squid-debuginfo-6.6-9.oe2403sp3.aarch64.rpm","squid-debugsource-6.6-9.oe2403sp3.aarch64.rpm"],"src":["squid-6.6-9.oe2403sp3.src.rpm"],"x86_64":["squid-6.6-9.oe2403sp3.x86_64.rpm","squid-debuginfo-6.6-9.oe2403sp3.
x86_64.rpm","squid-debugsource-6.6-9.oe2403sp3.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"squid","purl":"pkg:rpm/openEuler/squid&distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.9-27.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["squid-4.9-27.oe2003sp4.aarch64.rpm","squid-debuginfo-4.9-27.oe2003sp4.aarch64.rpm","squid-debugsource-4.9-27.oe2003sp4.aarch64.rpm"],"src":["squid-4.9-27.oe2003sp4.src.rpm"],"x86_64":["squid-4.9-27.oe2003sp4.x86_64.rpm","squid-debuginfo-4.9-27.oe2003sp4.x86_64.rpm","squid-debugsource-4.9-27.oe2003sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2726"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-47729"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-50012"}],"database_specific":{"severity":"High"}}
