Security update for Privoxy SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:0311-1 Final 1 1 2016-02-02T06:07:14Z current 2016-02-02T06:07:14Z 2016-02-02T06:07:14Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Privoxy This update to Privoxy 3.0.24 fixes two minor security issues. The vulnerabilities should not be exploitable in the binary as compiled in openSUSE. * CVE-2016-1982: Corrupt chunk-encoded content could cause an invalid read (boo#963151) * CVE-2016-1983: Empty Host headers in client requests could result in invalid reads (boo#963152) This update also contains general bug fixes and improvements as well as white and blacklist updates. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2016-02/msg00011.html E-Mail link for openSUSE-SU-2016:0311-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings privoxy-3.0.24-2.23.1 privoxy-doc-3.0.24-2.23.1 The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content. CVE-2016-1982 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-02/msg00011.html https://www.suse.com/security/cve/CVE-2016-1982.html CVE-2016-1982 https://bugzilla.suse.com/963151 SUSE Bug 963151 The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header. CVE-2016-1983 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-02/msg00011.html https://www.suse.com/security/cve/CVE-2016-1983.html CVE-2016-1983 https://bugzilla.suse.com/963152 SUSE Bug 963152