Description
Security update for libproxy
This update for libproxy fixes the following issues:
- CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410).
- CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143).
This update was imported from the SUSE:SLE-15:Update update project.
Package list
openSUSE Leap 15.2
libproxy-devel-0.4.15-lp152.5.3.1
libproxy-sharp-0.4.15-lp152.5.3.1
libproxy-tools-0.4.15-lp152.5.3.1
libproxy1-0.4.15-lp152.5.3.1
libproxy1-32bit-0.4.15-lp152.5.3.1
libproxy1-config-gnome3-0.4.15-lp152.5.3.1
libproxy1-config-kde-0.4.15-lp152.5.3.1
libproxy1-networkmanager-0.4.15-lp152.5.3.1
libproxy1-pacrunner-webkit-0.4.15-lp152.5.3.1
perl-Net-Libproxy-0.4.15-lp152.5.3.1
python-libproxy-0.4.15-lp152.5.3.1
python3-libproxy-0.4.15-lp152.5.3.1
References
- E-Mail link for openSUSE-SU-2020:1680-1
- SUSE Security Ratings
- SUSE Bug 1176410
- SUSE Bug 1177143
- SUSE CVE CVE-2020-25219 page
- SUSE CVE CVE-2020-26154 page
Description
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.
Affected products
openSUSE Leap 15.2:libproxy-devel-0.4.15-lp152.5.3.1
openSUSE Leap 15.2:libproxy-sharp-0.4.15-lp152.5.3.1
openSUSE Leap 15.2:libproxy-tools-0.4.15-lp152.5.3.1
openSUSE Leap 15.2:libproxy1-0.4.15-lp152.5.3.1
References
- CVE-2020-25219
- SUSE Bug 1176410
Description
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header.
Affected products
openSUSE Leap 15.2:libproxy-devel-0.4.15-lp152.5.3.1
openSUSE Leap 15.2:libproxy-sharp-0.4.15-lp152.5.3.1
openSUSE Leap 15.2:libproxy-tools-0.4.15-lp152.5.3.1
openSUSE Leap 15.2:libproxy1-0.4.15-lp152.5.3.1
References
- CVE-2020-26154
- SUSE Bug 1177143