Updated libproxy packages fix security vulnerability
Publication date: 27 Sep 2020Modification date: 27 Sep 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-25219
Description
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote
HTTP server to trigger uncontrolled recursion via a response composed of an
infinite stream that lacks a newline character. This leads to stack
exhaustion. (CVE-2020-25219)
References
- https://bugs.mageia.org/show_bug.cgi?id=27302
- https://www.debian.org/lts/security/2020/dla-2372
- https://ubuntu.com/security/notices/USN-4514-1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CNID6EZVOVH7EZB7KFU2EON54CFDIVUR/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25219
SRPMS
7/core
- libproxy-0.4.15-4.1.mga7