Security update for privoxy
SUSE Patch
security@suse.de
SUSE Security Team
openSUSE-SU-2015:0230-1
Final
1
1
2015-01-30T14:57:46Z
current
2015-01-30T14:57:46Z
2015-01-30T14:57:46Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for privoxy
privoxy was updated to version 3.0.23 to fix three security issues.
These security issues were fixed:
- Fixed a DoS issue in case of client requests with an incorrect chunk-encoded body. When compiled with assertions enabled (the default), they could previously cause Privoxy to abort() (CVE-2015-1380).
- Fixed multiple segmentation faults and memory leaks in the pcrs code. This fix also increases the chances that an invalid pcrs command is rejected as such (CVE-2015-1381).
- Client requests with a body that can't be delivered no longer cause pipelined requests behind them to be rejected as invalid (CVE-2015-1382).
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html
E-Mail link for openSUSE-SU-2015:0230-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
privoxy-3.0.23-2.20.1
privoxy-doc-3.0.23-2.20.1
jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body.
CVE-2015-1380
moderate
Please install the update.
https://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html
https://www.suse.com/security/cve/CVE-2015-1380.html
CVE-2015-1380
https://bugzilla.suse.com/914934
SUSE Bug 914934
Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors.
CVE-2015-1381
moderate
Please install the update.
https://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html
https://www.suse.com/security/cve/CVE-2015-1381.html
CVE-2015-1381
https://bugzilla.suse.com/914934
SUSE Bug 914934
parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header.
CVE-2015-1382
moderate
Please install the update.
https://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html
https://www.suse.com/security/cve/CVE-2015-1382.html
CVE-2015-1382
https://bugzilla.suse.com/914934
SUSE Bug 914934