Package "privoxy"
Name: |
privoxy
|
Description: |
Privacy enhancing HTTP Proxy
|
Latest version: |
3.0.28-2ubuntu0.2 |
Release: |
focal (20.04) |
Level: |
security |
Repository: |
universe |
Homepage: |
https://www.privoxy.org/ |
Links
Download "privoxy"
Other versions of "privoxy" in Focal
Changelog
privoxy (3.0.28-2ubuntu0.2) focal-security; urgency=medium
* SECURITY UPDATE: Denial of Service
- debian/patches/CVE-2021-44540.patch: fixed the get_url_spec_param()
by freeing memory of compiled pattern spec before bailing.
- CVE-2021-44540
* SECURITY UPDATE: XSS
- debian/patches/CVE-2021-44543.patch: fixed the cgi_error_no_template()
by encoding the template name.
- CVE-2021-44543
-- Amir Naseredini <email address hidden> Mon, 23 Jan 2023 11:22:07 +0000
|
Source diff to previous version |
CVE-2021-44540 |
A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing. |
CVE-2021-44543 |
An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce |
|
privoxy (3.0.28-2ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: Buffer overflow
- debian/patches/38_CVE-2021-20217.patch: Prevent an assertion by a
crafted CGI request.
- CVE-2021-20217
* SECURITY UPDATE: Memory leak
- debian/patches/40_CVE-2021-20216.patch: Fix a memory leak.
- debian/patches/41_CVE-2020-35502.patch: Fixed memory leaks when a
response is buffered and the buffer limit is reached or Privoxy is
running out of memory.
- debian/patches/42_CVE-2021-20209.patch: Fixed a memory leak in the
show-status CGI handler when no action files are configured.
- debian/patches/43_CVE-2021-20210.patch: Fixed a memory leak in the show-status
CGI handler when no filter files are configured.
- debian/patches/44_CVE-2021-20211.patch: Fixes a memory leak when client tags
are active.
- debian/patches/45_CVE-2021-20212.patch: Fixed a memory leak if multiple
filters are executed and the last one is skipped due to a pcre error.
- debian/patches/48_CVE-2021-20215.patch: Fixed memory leaks in the show-status
CGI handler when memory allocations fail.
- debian/patches/53_CVE-2021-20214.patch: Plug memory leaks.
- CVE-2021-20216
- CVE-2020-35502
- CVE-2021-20209
- CVE-2021-20210
- CVE-2021-20211
- CVE-2021-20212
- CVE-2021-20215
- CVE-2021-20214
* SECURITY UPDATE: Denial of Service
- debian/patches/46_CVE-2021-20213.patch: Prevent an unlikely dereference of a
NULL-pointer that could result in a crash if accept-intercepted-requests
was enabled.
- debian/patches/49_CVE-2021-20272.patch: Remove an assertion that could be
triggered with a crafted CGI request.
- debian/patches/50_CVE-2021-20273.patch: Overrule invalid image types.
Prevents a crash with a crafted CGI request if Privoxy is toggled off.
- debian/patches/51_CVE-2021-20275.patch: Prevent invalid read of size two.
- debian/patches/52_CVE-2021-20276.patch: Obsolete pcre: Prevent invalid memory
accesses.
- CVE-2021-20213
- CVE-2021-20272
- CVE-2021-20273
- CVE-2021-20275
- CVE-2021-20276
* Fix detection of insufficient data: debian/patches/39_decompress_iob.patch
-- Eduardo Barretto <email address hidden> Thu, 18 Mar 2021 18:01:17 +0100
|
CVE-2021-20272 |
A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash. |
CVE-2021-20273 |
A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off. |
CVE-2021-20275 |
A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service. |
CVE-2021-20276 |
A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service. |
|
About
-
Send Feedback to @ubuntu_updates