drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Preisgabe von Informationen in Tinyproxy (Aktualisierung)
Name: |
Preisgabe von Informationen in Tinyproxy (Aktualisierung) |
|
ID: |
USN-7140-2 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 LTS |
|
Datum: |
Mo, 6. Januar 2025, 16:17 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40468 |
|
Applikationen: |
tinyproxy |
|
Update von: |
Preisgabe von Informationen in Tinyproxy |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============3144083439698785961== Content-Language: en-US Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------4Cin0d60S2EJmgtzOnIcocLS"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------4Cin0d60S2EJmgtzOnIcocLS Content-Type: multipart/mixed; boundary="------------p7RvMU44yXNpKwdAKrLuvmCc"; protected-headers="v1" From: Shishir Subedi <shishir.subedi@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <0342abc0-dd86-4caa-b557-dbc979b89b52@canonical.com> Subject: [USN-7140-2] Tinyproxy vulnerability
--------------p7RvMU44yXNpKwdAKrLuvmCc Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64
========================================================================== Ubuntu Security Notice USN-7140-2 January 06, 2025
tinyproxy vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
tinyproxy could be made to expose sensitive information.
Software Description: - tinyproxy: Lightweight, non-caching, optionally anonymizing HTTP proxy
Details:
USN-7140-1 fixed CVE-2022-40468 in tinyproxy. This update provides the corresponding update for Ubuntu 14.04 LTS.
Original advisory details:
It was discovered that Tinyproxy did not properly manage memory under certain circumstances. An attacker could possibly use this issue to leak left-over heap data if custom error page templates containing special non-standard variables are used.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS tinyproxy 1.8.3-3ubuntu14.04.1~esm2 Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-7140-2 https://ubuntu.com/security/notices/USN-7140-1 CVE-2022-40468
--------------p7RvMU44yXNpKwdAKrLuvmCc--
--------------4Cin0d60S2EJmgtzOnIcocLS Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature.asc"
-----BEGIN PGP SIGNATURE-----
wnsEABYIACMWIQSyA9nA4R5iZYAVzFrgLM9xllPy5AUCZ3vEKAUDAAAAAAAKCRDgLM9xllPy5FfJ AQC6ftohp0o0sANOgn1EnOLcux6S+Ewy2lg5+7PF1AaKegEAjBSsAyZQFvMu4t8sCplPOaJgXSoe FDawhyi+w8jFXAo= =uYMi -----END PGP SIGNATURE-----
--------------4Cin0d60S2EJmgtzOnIcocLS--
--===============3144083439698785961== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
Cg==
--===============3144083439698785961==--
|
|
|
|