Description
Security update for privoxy
This update for privoxy fixes the following issues:
privoxy was updated to 3.0.33 (boo#1193584):
- CVE-2021-44543: Encode the template name to prevent XSS (cross-site scripting) when Privoxy is configured to serve the user-manual itself
- CVE-2021-44540: Free memory of compiled pattern spec before bailing
- CVE-2021-44541: Free header memory when failing to get the request destination.
- CVE-2021-44542: Prevent memory leaks when handling errors
- Disable fast-redirects for a number of domains
- Update default block lists
- Many bug fixes and minor enhancements
Package list
SUSE Package Hub 15 SP3
privoxy-3.0.33-bp153.2.3.1
privoxy-doc-3.0.33-bp153.2.3.1
openSUSE Leap 15.2
privoxy-3.0.33-bp153.2.3.1
privoxy-doc-3.0.33-bp153.2.3.1
openSUSE Leap 15.3
privoxy-3.0.33-bp153.2.3.1
privoxy-doc-3.0.33-bp153.2.3.1
References
- E-Mail link for openSUSE-SU-2021:1646-1
- SUSE Security Ratings
- SUSE Bug 1193584
- SUSE CVE CVE-2021-44540 page
- SUSE CVE CVE-2021-44541 page
- SUSE CVE CVE-2021-44542 page
- SUSE CVE CVE-2021-44543 page
Description
A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing.
Affected products
SUSE Package Hub 15 SP3:privoxy-3.0.33-bp153.2.3.1
SUSE Package Hub 15 SP3:privoxy-doc-3.0.33-bp153.2.3.1
openSUSE Leap 15.2:privoxy-3.0.33-bp153.2.3.1
openSUSE Leap 15.2:privoxy-doc-3.0.33-bp153.2.3.1
References
- CVE-2021-44540
- SUSE Bug 1193584
Description
A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination.
Affected products
SUSE Package Hub 15 SP3:privoxy-3.0.33-bp153.2.3.1
SUSE Package Hub 15 SP3:privoxy-doc-3.0.33-bp153.2.3.1
openSUSE Leap 15.2:privoxy-3.0.33-bp153.2.3.1
openSUSE Leap 15.2:privoxy-doc-3.0.33-bp153.2.3.1
References
- CVE-2021-44541
- SUSE Bug 1193584
Description
A memory leak vulnerability was found in Privoxy when handling errors.
Affected products
SUSE Package Hub 15 SP3:privoxy-3.0.33-bp153.2.3.1
SUSE Package Hub 15 SP3:privoxy-doc-3.0.33-bp153.2.3.1
openSUSE Leap 15.2:privoxy-3.0.33-bp153.2.3.1
openSUSE Leap 15.2:privoxy-doc-3.0.33-bp153.2.3.1
References
- CVE-2021-44542
- SUSE Bug 1193584
Description
An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encoding the template name when Privoxy is configured to serve the user-manual itself.
Affected products
SUSE Package Hub 15 SP3:privoxy-3.0.33-bp153.2.3.1
SUSE Package Hub 15 SP3:privoxy-doc-3.0.33-bp153.2.3.1
openSUSE Leap 15.2:privoxy-3.0.33-bp153.2.3.1
openSUSE Leap 15.2:privoxy-doc-3.0.33-bp153.2.3.1
References
- CVE-2021-44543
- SUSE Bug 1193584