Debian Long Term Support / LTS Security Information / 2015 / Security Information -- DLA-142-1 privoxy

Debian Security Advisory

DLA-142-1 privoxy -- LTS security update

Date Reported:

29 Jan 2015

Affected Packages:

privoxy

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2015-1031, CVE-2015-1381, CVE-2015-1382.

More information:

Several vulnerabilities have been fixed in privoxy, a privacy enhancing HTTP proxy:

• CVE-2015-1031, CID66394

  unmap(): Prevent use-after-free if the map only consists of one item.

• CVE-2015-1031, CID66376 and CID66391

  pcrs_execute(): Consistently set *result to NULL in case of errors. Should make use-after-free in the caller less likely.

• CVE-2015-1381

  Fix multiple segmentation faults and memory leaks in the pcrs code.

• CVE-2015-1382

  Fix invalid read to prevent potential crashes.

We recommend that you upgrade your privoxy packages.

For Debian 6 Squeeze, these issues have been fixed in privoxy version 3.0.16-1+deb6u1