Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in Privoxy
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in Privoxy
ID: FEDORA-2015-1176
Distribution: Fedora
Plattformen: Fedora 20
Datum: Mi, 4. Februar 2015, 10:44
Referenzen: https://bugzilla.redhat.com/show_bug.cgi?id=1185925
https://bugzilla.redhat.com/show_bug.cgi?id=1185926
Applikationen: Privoxy

Originalnachricht

Name        : privoxy
Product : Fedora 20
Version : 3.0.23
Release : 1.fc20
URL : http://www.privoxy.org/
Summary : Privacy enhancing proxy
Description :
Privoxy is a web proxy with advanced filtering capabilities for
protecting privacy, filtering web page content, managing cookies,
controlling access, and removing ads, banners, pop-ups and other
obnoxious Internet junk. Privoxy has a very flexible configuration and
can be customized to suit individual needs and tastes. Privoxy has application
for both stand-alone systems and multi-user networks.

Privoxy is based on the Internet Junkbuster.

-------------------------------------------------------------------------------
-
Update Information:

It was reported [1] that Privoxy 3.0.23 contains fixes for the following
security issues:

- Fixed a DoS issue in case of client requests with incorrect
chunk-encoded body. When compiled with assertions enabled
(the default) they could previously cause Privoxy to abort().
Reported by Matthew Daley.
jcc.c?r1=1.433&r2=1.434

- Fixed multiple segmentation faults and memory leaks in the
pcrs code. This fix also increases the chances that an invalid
pcrs command is rejected as such. Previously some invalid commands
would be loaded without error. Note that Privoxy's pcrs sources
(action and filter files) are considered trustworthy input and
should not be writable by untrusted third-parties.
pcrs.c?r1=1.46&r2=1.47

- Fixed an 'invalid read' bug which could at least theoretically
cause Privoxy to crash.
parsers.c?r1=1.297&r2=1.298

[1]: http://seclists.org/oss-sec/2015/q1/259
-------------------------------------------------------------------------------
-
ChangeLog:

* Mon Jan 26 2015 Jon Ciesla <limburgher@gmail.com> - 3.0.23-1
- Latest upstream, BZ 1185925.
* Fri Nov 21 2014 Jon Ciesla <limburgher@gmail.com> - 3.0.22-1
- Latest upstream, BZ 166398.
* Sun Aug 17 2014 Fedora Release Engineering
<rel-eng@lists.fedoraproject.org> - 3.0.21-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering
<rel-eng@lists.fedoraproject.org> - 3.0.21-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1185926 - privoxy: security fixes in 3.0.23 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1185926
[ 2 ] Bug #1185925 - privoxy: security fixes in 3.0.23 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1185925
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update privoxy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung