openSUSE-SU-2021:0006-1

Опубликовано: 01 янв. 2021

Источник: suse-cvrf

Описание

Security update for privoxy

This update for privoxy fixes the following issues:

privoxy was updated to 3.0.29:

Fixed memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory. OVE-20201118-0001
Fixed a memory leak in the show-status CGI handler when no action files are configured OVE-20201118-0002
Fixed a memory leak in the show-status CGI handler when no filter files are configured OVE-20201118-0003
Fixes a memory leak when client tags are active OVE-20201118-0004
Fixed a memory leak if multiple filters are executed and the last one is skipped due to a pcre error OVE-20201118-0005
Prevent an unlikely dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed. OVE-20201118-0006
Fixed memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail. OVE-20201118-0007
Fixed memory leaks in the show-status CGI handler when memory allocations fail OVE-20201118-0008
Add experimental https inspection support
Use JIT compilation for static filtering for speedup
Add support for Brotli decompression, add 'no-brotli-accepted' filter which prevents the use of Brotli compression
Add feature to gather exended statistics
Use IP_FREEBIND socket option to help with failover
Allow to use extended host patterns and vanilla host patterns at the same time by prefixing extended host patterns with 'PCRE-HOST-PATTERN:'
Added 'Cross-origin resource sharing' (CORS) support
Add SOCKS5 username/password support
Bump the maximum number of action and filter files to 100 each
Fixed handling of filters with 'split-large-forms 1' when using the CGI editor.
Better detect a mismatch of connection details when figuring out whether or not a connection can be reused
Don't send a 'Connection failure' message instead of the 'DNS failure' message
Let LOG_LEVEL_REQUEST log all requests
Improvements to default Action file

License changed to GPLv3.

remove packaging vulnerability boo#1157449

Список пакетов

openSUSE Leap 15.1

privoxy-3.0.29-lp152.3.3.1

privoxy-doc-3.0.29-lp152.3.3.1

openSUSE Leap 15.2

privoxy-3.0.29-lp152.3.3.1

privoxy-doc-3.0.29-lp152.3.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JFSIXZ2RYSIQJKMIUICOI4Y4Q5L52U6T/
E-Mail link for openSUSE-SU-2021:0006-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1157449
SUSE Bug 1157449