Security update for privoxy SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:0230-1 Final 1 1 2015-01-30T14:57:46Z current 2015-01-30T14:57:46Z 2015-01-30T14:57:46Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for privoxy privoxy was updated to version 3.0.23 to fix three security issues. These security issues were fixed: - Fixed a DoS issue in case of client requests with incorrect chunk-encoded body. When compiled with assertions enabled (the default) they could previously cause Privoxy to abort() (CVE-2015-1380). - Fixed multiple segmentation faults and memory leaks in the pcrs code. This fix also increases the chances that an invalid pcrs command is rejected as such (CVE-2015-1381). - Client requests with body that can't be delivered no longer cause pipelined requests behind them to be rejected as invalid (CVE-2015-1382). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html E-Mail link for openSUSE-SU-2015:0230-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings privoxy-3.0.23-2.20.1 privoxy-doc-3.0.23-2.20.1 jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body. CVE-2015-1380 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html https://www.suse.com/security/cve/CVE-2015-1380.html CVE-2015-1380 https://bugzilla.suse.com/914934 SUSE Bug 914934 Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors. CVE-2015-1381 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html https://www.suse.com/security/cve/CVE-2015-1381.html CVE-2015-1381 https://bugzilla.suse.com/914934 SUSE Bug 914934 parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header. CVE-2015-1382 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html https://www.suse.com/security/cve/CVE-2015-1382.html CVE-2015-1382 https://bugzilla.suse.com/914934 SUSE Bug 914934