Debian Security Advisory

DLA-142-1 privoxy -- LTS security update

Date Reported: 29 Jan 2015
Affected Packages: privoxy
Vulnerable: Yes
Security database references: In Mitre's CVE dictionary: CVE-2015-1031, CVE-2015-1381, CVE-2015-1382.
More information:

Several vulnerabilities have been fixed in privoxy, a privacy-enhancing HTTP proxy:

  • CVE-2015-1031, CID66394

    unmap(): Prevent use-after-free if the map only consists of one item.

  • CVE-2015-1031, CID66376 and CID66391

    pcrs_execute(): Consistently set *result to NULL in case of errors. This should make a use-after-free in the caller less likely.

  • CVE-2015-1381

    Fix multiple segmentation faults and memory leaks in the pcrs code.

  • CVE-2015-1382

    Fix invalid read to prevent potential crashes.
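The pcrs_execute() item above describes a general hardening pattern for functions that return a buffer through an out-parameter. The following is an added example, not Privoxy's code: substitute(), run_twice() and the SUBST_ERR_* codes are hypothetical names used to show why resetting *result on every error path protects a caller that reuses and frees the same pointer.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical error codes and function names; this is not Privoxy's code. */
#define SUBST_ERR_NOMEM  (-1)
#define SUBST_ERR_BADARG (-2)

/* Replace every `from` character in `subject` with the string `to`.
 * Returns the output length and stores a malloc'd buffer in *result,
 * or returns a negative code and leaves *result == NULL. */
int substitute(const char *subject, char from, const char *to, char **result)
{
    size_t n, to_len, out_len = 0, i;
    char *out, *p;

    if (result == NULL) return SUBST_ERR_BADARG;
    *result = NULL;  /* the hardening: every error path below leaves NULL */
    if (subject == NULL || to == NULL) return SUBST_ERR_BADARG;

    n = strlen(subject);
    to_len = strlen(to);
    for (i = 0; i < n; i++) out_len += (subject[i] == from) ? to_len : 1;

    out = malloc(out_len + 1);
    if (out == NULL) return SUBST_ERR_NOMEM;

    for (p = out, i = 0; i < n; i++) {
        if (subject[i] == from) { memcpy(p, to, to_len); p += to_len; }
        else *p++ = subject[i];
    }
    *p = '\0';
    *result = out;
    return (int)out_len;
}

/* Caller that reuses one pointer across two calls and frees it each time.
 * If the second call failed without resetting `buf`, `buf` would still hold
 * the address freed after the first call, and a later free() or read by the
 * caller would be a double free or use-after-free. */
int run_twice(const char *first, const char *second, char **last)
{
    char *buf = NULL;
    (void)substitute(first, 'a', "AA", &buf);
    free(buf);                     /* buf is dangling from here on */
    int rc = substitute(second, 'a', "AA", &buf);
    *last = buf;                   /* NULL on error, a fresh buffer otherwise */
    return rc;
}
```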

We recommend that you upgrade your privoxy packages.

For Debian 6 Squeeze, these issues have been fixed in privoxy version 3.0.16-1+deb6u1