Описание
Security update for privoxy
This update to Privoxy 3.0.24 fixes two minor security issues.
The vulnerabilities should not be exploitable in the binary as compiled in openSUSE.
- CVE-2016-1982: Corrupt chunk-encoded content could cause an invalid read (boo#963151)
- CVE-2016-1983: Empty Host headers in client requests could result in invalid reads (boo#963152)
This update also contains general bug fixes and improvements as well as white and blacklist updates.
Список пакетов
openSUSE Leap 42.1
privoxy-3.0.24-6.1
privoxy-doc-3.0.24-6.1
Ссылки
- E-Mail link for openSUSE-SU-2016:0305-1
- SUSE Security Ratings
Описание
The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content.
Затронутые продукты
openSUSE Leap 42.1:privoxy-3.0.24-6.1
openSUSE Leap 42.1:privoxy-doc-3.0.24-6.1
Ссылки
- CVE-2016-1982
- SUSE Bug 963151
Описание
The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header.
Затронутые продукты
openSUSE Leap 42.1:privoxy-3.0.24-6.1
openSUSE Leap 42.1:privoxy-doc-3.0.24-6.1
Ссылки
- CVE-2016-1983
- SUSE Bug 963152