UbuntuUpdates.org

Package "tinyproxy-bin"

Name: tinyproxy-bin

Description:

Lightweight, non-caching, optionally anonymizing HTTP proxy (executable only)

Latest version: 1.10.0-4ubuntu0.2
Release: focal (20.04)
Level: updates
Repository: universe
Head package: tinyproxy
Homepage: https://tinyproxy.github.io/

Other versions of "tinyproxy-bin" in Focal

Repository Area Version
base universe 1.10.0-4
security universe 1.10.0-4ubuntu0.2

Changelog

Version: 1.10.0-4ubuntu0.2 2025-01-08 13:06:56 UTC

  tinyproxy (1.10.0-4ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: use-after-free in header handling (LP: #2074351)
    - debian/patches/CVE-2023-49606.patch: add validation on `reqs.c` which
      ensures that the value of header is not equal to either "connection"
      or "proxy-connection" to prevent double-free
    - CVE-2023-49606

 -- Shishir Subedi <email address hidden> Mon, 16 Dec 2024 00:21:52 +0545

CVE-2023-49606 A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP heade

Version: 1.10.0-4ubuntu0.1 2024-12-09 08:06:50 UTC

  tinyproxy (1.10.0-4ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: sensitive information disclosure
    - debian/patches/CVE-2022-40468.patch: zero-terminate the strings on
      "reqs.c" so that there is no leftover data to display in custom error page
    - CVE-2022-40468

 -- Shishir Subedi <email address hidden> Wed, 27 Nov 2024 10:22:13 +0545

CVE-2022-40468 Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and


