Advisories » MGASA-2015-0042

Updated privoxy packages fix security vulnerabilities

Publication date: 27 Jan 2015
Modification date: 27 Jan 2015
Type: security
Affected Mageia releases : 4

Description

Updated privoxy packages fix security issues:

Fixed a DoS issue in case of client requests with incorrect chunk-encoded 
body. When compiled with assertions enabled (the default) they could 
previously cause Privoxy to abort().

Fixed multiple segmentation faults and memory leaks in the pcrs code. This 
fix also increases the chances that an invalid pcrs command is rejected as 
such. Previously some invalid commands would be loaded without error. Note 
that Privoxy's pcrs sources (action and filter files) are considered 
trustworthy input and should not be writable by untrusted third-parties.
 
Fixed an 'invalid read' bug which could at least theoretically cause 
Privoxy to crash.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15135
• http://openwall.com/lists/oss-security/2015/01/26/4

SRPMS

4/core

• privoxy-3.0.21-2.3.mga4