Debian Security Advisory
DLA-142-1 privoxy -- LTS security update
- Date Reported: 29 Jan 2015
- Affected Packages: privoxy
- Vulnerable: Yes
- Security database references: In Mitre's CVE dictionary: CVE-2015-1031, CVE-2015-1381, CVE-2015-1382.
- More information:
Several vulnerabilities have been fixed in privoxy, a privacy-enhancing HTTP proxy:
- CVE-2015-1031, CID66394
unmap(): Prevent use-after-free if the map only consists of one item.
- CVE-2015-1031, CID66376 and CID66391
pcrs_execute(): Consistently set *result to NULL in case of errors. Should make use-after-free in the caller less likely.
- CVE-2015-1381
Fix multiple segmentation faults and memory leaks in the pcrs code.
- CVE-2015-1382
Fix invalid read to prevent potential crashes.
We recommend that you upgrade your privoxy packages.
For Debian 6 "Squeeze", these issues have been fixed in privoxy version 3.0.16-1+deb6u1.
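The pcrs_execute() item above describes a defensive out-parameter contract: `*result` is NULL on every error path, so a caller's cleanup cannot touch a stale pointer. The following is an added example of that pattern, not Privoxy's code; the `demo_*` names, the error codes and the byte-replacement "job" are hypothetical stand-ins.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical error codes and functions (demo_*), not Privoxy's pcrs API. */
enum { DEMO_ERR_BADARG = -1, DEMO_ERR_BADJOB = -2, DEMO_ERR_NOMEM = -3 };

/* Replaces every `from` byte with `to`. Returns the number of replacements,
 * or a negative error code. On any error *result is NULL. */
int demo_execute(const char *subject, char from, char to, char **result)
{
    size_t len, i;
    int hits = 0;
    char *buf;

    if (result == NULL) return DEMO_ERR_BADARG;
    *result = NULL;            /* the hardening: reset before any error return */
    if (subject == NULL) return DEMO_ERR_BADARG;
    if (from == to) return DEMO_ERR_BADJOB;
    len = strlen(subject);
    if ((buf = malloc(len + 1)) == NULL) return DEMO_ERR_NOMEM;
    for (i = 0; i < len; i++) {
        hits += (subject[i] == from);
        buf[i] = (subject[i] == from) ? to : subject[i];
    }
    buf[len] = '\0';
    *result = buf;
    return hits;
}

/* Runs the (from,to) pairs in `pairs` as a chain of jobs over `input`.
 * Returns the final heap string, or NULL on error or if there are no pairs. */
char *demo_chain(const char *input, const char *pairs)
{
    char *cur = NULL, *next = NULL;
    size_t i;

    for (i = 0; pairs[i] != '\0' && pairs[i + 1] != '\0'; i += 2) {
        int rc = demo_execute(cur ? cur : input, pairs[i], pairs[i + 1], &next);
        if (rc < 0) {
            /* After the first job `next` aliased `cur`. Had the callee left it
             * untouched on failure, these two calls would be a double free. */
            free(cur);
            free(next);        /* NULL here, so a no-op */
            return NULL;
        }
        free(cur);
        cur = next;
    }
    return cur;
}
```

Removing the `*result = NULL;` line and running the failing chain under AddressSanitizer or Valgrind reports the double free in `demo_chain()`.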