MGASA-2021-0570

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2021-0570.html

Import Source

https://advisories.mageia.org/MGASA-2021-0570.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2021-0570

Related

Published

2021-12-19T16:13:42Z

Modified

2021-12-19T15:38:28Z

Summary

Updated privoxy packages fix security vulnerabilities

Details

Updated privoxy packages fix security vulnerabilities:

A security issue has been found in Privoxy before version 3.0.33. geturlspec_param() did not free memory of compiled pattern spec before bailing (CVE-2021-44540).

A security issue has been found in Privoxy before version 3.0.33. processencryptedrequest_headers() did not free header memory when failing to get the request destination (CVE-2021-44541).

A security issue has been found in Privoxy before version 3.0.33. sendhttprequest() leaked memory when handling errors (CVE-2021-44542).

A security issue has been found in Privoxy before version 3.0.33. cgierrorno_template() did not encode the template name, which could lead to cross-site scripting when Privoxy is configured to servce the user-manual itself (CVE-2021-44543).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:8 / privoxy

Package

Name: privoxy
Purl: pkg:rpm/mageia/privoxy?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.32-1.1.mga8

Ecosystem specific

{
    "section": "core"
}