{"affected":[{"ecosystem_specific":{"binaries":[{"tinyproxy":"1.11.2-bp155.3.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP5","name":"tinyproxy","purl":"pkg:rpm/suse/tinyproxy&distro=SUSE%20Package%20Hub%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.11.2-bp155.3.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"tinyproxy":"1.11.2-bp155.3.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"tinyproxy","purl":"pkg:rpm/opensuse/tinyproxy&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.11.2-bp155.3.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for tinyproxy fixes the following issues:\n\n- Update to release 1.11.2\n  * Fix potential use-after-free in header handling [CVE-2023-49606, boo#1223746]\n  * Prevent junk from showing up in error page in invalid requests [CVE-2022-40468, CVE-2023-40533, boo#1223743]\n\n- Move tinyproxy program to /usr/bin.\n\n- Update to release 1.11.1\n  * New fnmatch based filtertype\n\n- Update to release 1.11\n  * Support for multiple bind directives.\n\n- update to 1.10.0:\n  * Configuration file has moved from /etc/tinyproxy.conf to\n    /etc/tinyproxy/tinyproxy.conf.\n  * Add support for basic HTTP authentication\n  * Add socks upstream support\n  * Log to stdout if no logfile is specified\n  * Activate reverse proxy by default\n  * Support bind with transparent mode\n  * Allow multiple listen statements in the configuration\n  * Fix CVE-2017-11747: Create PID file before dropping privileges.\n  * Fix CVE-2012-3505: algorithmic complexity DoS in hashmap\n  * Bugfixes\n  * BB#110: fix algorithmic complexity DoS in hashmap\n  * BB#106: fix CONNECT requests with IPv6 literal addresses as host\n  * BB#116: fix invalid free for GET requests to ipv6 literal address\n  * BB#115: Drop supplementary groups\n  * BB#109: Fix crash (infinite loop) when writing to log file fails\n  * BB#74: Create log and pid files after we drop privs\n  * BB#83: Use output of id instead of $USER\n","id":"openSUSE-SU-2024:0119-1","modified":"2024-05-10T12:42:27Z","published":"2024-05-10T12:42:27Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OM62U7F2OTTTTR4PTM6RV3UAOCUHRC75/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1200028"},{"type":"REPORT","url":"https://bugzilla.suse.com/1203553"},{"type":"REPORT","url":"https://bugzilla.suse.com/1223743"},{"type":"REPORT","url":"https://bugzilla.suse.com/1223746"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2012-3505"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-11747"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-40468"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-40533"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-49606"}],"related":["CVE-2012-3505","CVE-2017-11747","CVE-2022-40468","CVE-2023-40533","CVE-2023-49606"],"summary":"Security update for tinyproxy","upstream":["CVE-2012-3505","CVE-2017-11747","CVE-2022-40468","CVE-2023-40533","CVE-2023-49606"]}