openSUSE-SU-2021:1646-1

Import Source

JSON Data

https://api.osv.dev/v1/vulns/openSUSE-SU-2021:1646-1

Related

Published

2021-12-30T22:33:06Z

Modified

2021-12-30T22:33:06Z

Summary

Security update for privoxy

Details

This update for privoxy fixes the following issues:

privoxy was updated to 3.0.33 (boo#1193584):

CVE-2021-44543: Encode the template name to prevent XSS (cross-side scripting) when Privoxy is configured to servce the user-manual itself
CVE-2021-44540: Free memory of compiled pattern spec before bailing
CVE-2021-44541: Free header memory when failing to get the request destination.
CVE-2021-44542: Prevent memory leaks when handling errors
Disable fast-redirects for a number of domains
Update default block lists
Many bug fixes and minor enhancements

References

Affected packages

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.33-bp153.2.3.1

{
    "binaries": [
        {
            "privoxy": "3.0.33-bp153.2.3.1",
            "privoxy-doc": "3.0.33-bp153.2.3.1"
        }
    ]
}

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.33-bp153.2.3.1

{
    "binaries": [
        {
            "privoxy": "3.0.33-bp153.2.3.1",
            "privoxy-doc": "3.0.33-bp153.2.3.1"
        }
    ]
}

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.33-bp153.2.3.1

{
    "binaries": [
        {
            "privoxy": "3.0.33-bp153.2.3.1",
            "privoxy-doc": "3.0.33-bp153.2.3.1"
        }
    ]
}