|
|
Subscribe / Log in / New account

Mageia alert MGASA-2015-0003 (privoxy)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2015-0003: Updated privoxy package fixes security vulnerabilities 


Date:
    	      Mon, 5 Jan 2015 17:30:53 +0100


Message-ID:
    	      <20150105163053.4115941202@valstar.mageia.org>


MGASA-2015-0003 - Updated privoxy package fixes security vulnerabilities

Publication date: 05 Jan 2015
URL: http://advisories.mageia.org/MGASA-2015-0003.html
Type: security
Affected Mageia releases: 4

Description:
Updated privoxy packages fix security issues:

A memory leak occurred in privoxy 3.0.21 compiled with IPv6 support when 
rejecting client connections due to the socket limit being reached. 
(CID 66382)

A use-after-free bug was found in privoxy 3.0.21 and two additional 
potential use-after-free issues were detected by Coverity scan. (CID 66394, 
CID 66376, CID 66391)

Also fixed is a file descriptor leak in an error path in jbsockets.c. 
(CID 66368)

References:
- https://bugs.mageia.org/show_bug.cgi?id=14892
- http://www.privoxy.org/announce.txt

SRPMS:
- 4/core/privoxy-3.0.21-2.2.mga4
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds