drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in Privoxy
Name: |
Zwei Probleme in Privoxy |
|
ID: |
FEDORA-2015-1225 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 21 |
|
Datum: |
Mi, 4. Februar 2015, 10:44 |
|
Referenzen: |
https://bugzilla.redhat.com/show_bug.cgi?id=1185925
https://bugzilla.redhat.com/show_bug.cgi?id=1185926 |
|
Applikationen: |
Privoxy |
|
Originalnachricht |
Name : privoxy Product : Fedora 21 Version : 3.0.23 Release : 1.fc21 URL : http://www.privoxy.org/ Summary : Privacy enhancing proxy Description : Privoxy is a web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk. Privoxy has a very flexible configuration and can be customized to suit individual needs and tastes. Privoxy has application for both stand-alone systems and multi-user networks.
Privoxy is based on the Internet Junkbuster.
------------------------------------------------------------------------------- - Update Information:
It was reported [1] that Privoxy 3.0.23 contains fixes for the following security issues:
- Fixed a DoS issue in case of client requests with incorrect
chunk-encoded body. When compiled with assertions enabled
(the default) they could previously cause Privoxy to abort().
Reported by Matthew Daley.
jcc.c?r1=1.433&r2=1.434
- Fixed multiple segmentation faults and memory leaks in the
pcrs code. This fix also increases the chances that an invalid
pcrs command is rejected as such. Previously some invalid commands
would be loaded without error. Note that Privoxy's pcrs sources
(action and filter files) are considered trustworthy input and
should not be writable by untrusted third-parties.
pcrs.c?r1=1.46&r2=1.47
- Fixed an 'invalid read' bug which could at least theoretically
cause Privoxy to crash.
parsers.c?r1=1.297&r2=1.298
[1]: http://seclists.org/oss-sec/2015/q1/259 ------------------------------------------------------------------------------- - ChangeLog:
* Mon Jan 26 2015 Jon Ciesla <limburgher@gmail.com> - 3.0.23-1 - Latest upstream, BZ 1185925. * Fri Nov 21 2014 Jon Ciesla <limburgher@gmail.com> - 3.0.22-1 - Latest upstream, BZ 166398. ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1185926 - privoxy: security fixes in 3.0.23 [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1185926 [ 2 ] Bug #1185925 - privoxy: security fixes in 3.0.23 [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1185925 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update privoxy' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|