UbuntuUpdates.org

Package "privoxy"

Name: privoxy

Description:

Privacy enhancing HTTP Proxy
Latest version: 3.0.24-1ubuntu0.1
Release: xenial (16.04)
Level: security
Repository: universe
Homepage: http://www.privoxy.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "privoxy"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "privoxy" in Xenial

Repository Area Version
base universe 3.0.24-1
updates universe 3.0.24-1ubuntu0.1

Changelog

Version: 3.0.24-1ubuntu0.1 2021-03-22 17:06:16 UTC

  privoxy (3.0.24-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow
    - debian/patches/38_CVE-2021-20217.patch: Prevent an assertion by a
      crafted CGI request.
    - CVE-2021-20217
  * SECURITY UPDATE: Memory leak
    - debian/patches/40_CVE-2021-20216.patch: Fix a memory leak.
    - debian/patches/41_CVE-2020-35502.patch: Fixed memory leaks when a
      response is buffered and the buffer limit is reached or Privoxy is
      running out of memory.
    - debian/patches/42_CVE-2021-20209.patch: Fixed a memory leak in the
      show-status CGI handler when no action files are configured.
    - debian/patches/43_CVE-2021-20210.patch: Fixed a memory leak in the show-status
      CGI handler when no filter files are configured.
    - debian/patches/45_CVE-2021-20212.patch: Fixed a memory leak if multiple
      filters are executed and the last one is skipped due to a pcre error.
    - debian/patches/48_CVE-2021-20215.patch: Fixed memory leaks in the show-status
      CGI handler when memory allocations fail.
    - CVE-2021-20216
    - CVE-2020-35502
    - CVE-2021-20209
    - CVE-2021-20210
    - CVE-2021-20212
    - CVE-2021-20215
  * SECURITY UPDATE: Denial of Service
    - debian/patches/46_CVE-2021-20213.patch: Prevent an unlikely dereference of a
      NULL-pointer that could result in a crash if accept-intercepted-requests
      was enabled.
    - debian/patches/49_CVE-2021-20272.patch: Remove an assertion that could be
      triggered with a crafted CGI request.
    - debian/patches/50_CVE-2021-20273.patch: Overrule invalid image types.
      Prevents a crash with a crafted CGI request if Privoxy is toggled off.
    - debian/patches/51_CVE-2021-20275.patch: Prevent invalid read of size two.
    - debian/patches/52_CVE-2021-20276.patch: Obsolete pcre: Prevent invalid memory
      accesses.
    - CVE-2021-20213
    - CVE-2021-20272
    - CVE-2021-20273
    - CVE-2021-20275
    - CVE-2021-20276
  * Fix detection of insufficient data: debian/patches/39_decompress_iob.patch

 -- Eduardo Barretto <email address hidden> Wed, 17 Mar 2021 17:28:00 +0100
CVE-2021-20272 A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash.
CVE-2021-20273 A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off.
CVE-2021-20275 A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service.
CVE-2021-20276 A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service.


About   -   Send Feedback to @ubuntu_updates