privoxy-3.0.26-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10494-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z privoxy-3.0.26-1.1 on GA media These are all security issues fixed in the privoxy-3.0.26-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10494 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2015-1030/ SUSE CVE CVE-2015-1030 page https://www.suse.com/security/cve/CVE-2015-1031/ SUSE CVE CVE-2015-1031 page https://www.suse.com/security/cve/CVE-2015-1201/ SUSE CVE CVE-2015-1201 page https://www.suse.com/security/cve/CVE-2015-1380/ SUSE CVE CVE-2015-1380 page https://www.suse.com/security/cve/CVE-2015-1381/ SUSE CVE CVE-2015-1381 page https://www.suse.com/security/cve/CVE-2015-1382/ SUSE CVE CVE-2015-1382 page https://www.suse.com/security/cve/CVE-2016-1982/ SUSE CVE CVE-2016-1982 page https://www.suse.com/security/cve/CVE-2016-1983/ SUSE CVE CVE-2016-1983 page openSUSE Tumbleweed privoxy-3.0.26-1.1 privoxy-doc-3.0.26-1.1 privoxy-3.0.26-1.1 as a component of openSUSE Tumbleweed privoxy-doc-3.0.26-1.1 as a component of openSUSE Tumbleweed Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached. CVE-2015-1030 openSUSE Tumbleweed:privoxy-3.0.26-1.1 openSUSE Tumbleweed:privoxy-doc-3.0.26-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-1030.html CVE-2015-1030 https://bugzilla.suse.com/907675 SUSE Bug 907675 https://bugzilla.suse.com/913094 SUSE Bug 913094 Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) "two additional unconfirmed use-after-free complaints made by Coverity scan." NOTE: some of these details are obtained from third party information. CVE-2015-1031 openSUSE Tumbleweed:privoxy-3.0.26-1.1 openSUSE Tumbleweed:privoxy-doc-3.0.26-1.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-1031.html CVE-2015-1031 https://bugzilla.suse.com/907675 SUSE Bug 907675 https://bugzilla.suse.com/913094 SUSE Bug 913094 Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. CVE-2015-1201 openSUSE Tumbleweed:privoxy-3.0.26-1.1 openSUSE Tumbleweed:privoxy-doc-3.0.26-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-1201.html CVE-2015-1201 https://bugzilla.suse.com/907675 SUSE Bug 907675 https://bugzilla.suse.com/914450 SUSE Bug 914450 jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body. CVE-2015-1380 openSUSE Tumbleweed:privoxy-3.0.26-1.1 openSUSE Tumbleweed:privoxy-doc-3.0.26-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-1380.html CVE-2015-1380 https://bugzilla.suse.com/914934 SUSE Bug 914934 Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors. CVE-2015-1381 openSUSE Tumbleweed:privoxy-3.0.26-1.1 openSUSE Tumbleweed:privoxy-doc-3.0.26-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-1381.html CVE-2015-1381 https://bugzilla.suse.com/914934 SUSE Bug 914934 parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header. CVE-2015-1382 openSUSE Tumbleweed:privoxy-3.0.26-1.1 openSUSE Tumbleweed:privoxy-doc-3.0.26-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-1382.html CVE-2015-1382 https://bugzilla.suse.com/914934 SUSE Bug 914934 The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content. CVE-2016-1982 openSUSE Tumbleweed:privoxy-3.0.26-1.1 openSUSE Tumbleweed:privoxy-doc-3.0.26-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-1982.html CVE-2016-1982 https://bugzilla.suse.com/963151 SUSE Bug 963151 The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header. CVE-2016-1983 openSUSE Tumbleweed:privoxy-3.0.26-1.1 openSUSE Tumbleweed:privoxy-doc-3.0.26-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-1983.html CVE-2016-1983 https://bugzilla.suse.com/963152 SUSE Bug 963152