VDB
GCVE-110-MAGEIA-2015-42
GCVE-110-MAGEIA-2015-42
Advisory Published
Updated privoxy packages fix security issues:
Fixed a DoS issue in case of client requests with incorrect chunk-encoded
body. When compiled with assertions enabled (the default) they could
previously cause Privoxy to abort().
Fixed multiple segmentation faults and memory leaks in the pcrs code. This
fix also increases the chances that an invalid pcrs command is rejected as
such. Previously some invalid commands would be loaded without error. Note
that Privoxy's pcrs sources (action and filter files) are considered
trustworthy input and should not be writable by untrusted third-parties.
Fixed an 'invalid read' bug which could at least theoretically cause
Privoxy to crash.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | privoxy | 0 (affected), 3.0.21-2.3.mga4 (unaffected), 0 (affected), 3.0.21-2.3.mga4 (unaffected) | — |
| Mageia | mate-file-manager | 0 (affected), 1.6.3-1.3.mga4 (unaffected) | — |
References
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.