oss-sec mailing list archives
Multiple issues fixed in Privoxy 3.0.33 stable
From: Fabian Keil <freebsd-listen () fabiankeil de>
Date: Thu, 9 Dec 2021 13:02:18 +0100
Announcing Privoxy 3.0.33 stable
--------------------------------------------------------------------

Privoxy 3.0.33 fixes an XSS issue, multiple DoS issues and a couple of
other bugs. The issues also affect earlier Privoxy releases.

Privoxy 3.0.33 also comes with a couple of general improvements
and new features.

--------------------------------------------------------------------
ChangeLog for Privoxy 3.0.33
--------------------------------------------------------------------

- Security/Reliability:
  - cgi_error_no_template(): Encode the template name to prevent
    XSS (cross-site scripting) when Privoxy is configured to serve
    the user-manual itself.
    Commit 0e668e9409c. OVE-20211102-0001. CVE-2021-44543.
    Reported by: Artem Ivanov
  - get_url_spec_param(): Free memory of compiled pattern spec
    before bailing.
    Reported by Joshua Rogers (Opera) who also provided the fix.
    Commit 652b4b7cb0. OVE-20211201-0003. CVE-2021-44540.
  - process_encrypted_request_headers(): Free header memory when
    failing to get the request destination.
    Reported by Joshua Rogers (Opera) who also provided the fix.
    Commit 0509c58045. OVE-20211201-0002. CVE-2021-44541.
  - send_http_request(): Prevent memory leaks when handling errors.
    Reported by Joshua Rogers (Opera) who also provided the fix.
    Commit c48d1d6d08. OVE-20211201-0001. CVE-2021-44542.

[...]

-----------------------------------------------------------------
About Privoxy:
-----------------------------------------------------------------

Privoxy is a non-caching web proxy with advanced filtering capabilities for
enhancing privacy, modifying web page data and HTTP headers, controlling
access, and removing ads and other obnoxious Internet junk. Privoxy has a
flexible configuration and can be customized to suit individual needs and
tastes. It has application for both stand-alone systems and multi-user
networks.

Privoxy is Free Software and licensed under the GNU GPLv2.

[...]

Home Page: https://www.privoxy.org/
Complete announcement: https://lists.privoxy.org/pipermail/privoxy-announce/2021-December/000009.html
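
The class of fix named in the first changelog entry (encoding a name before it is placed in an HTML error page), sketched in C as an added example. This is not Privoxy's code and not part of the announcement: `html_encode_copy()` and `no_template_error_body()` are hypothetical names, the error text is constructed, and the template name is assumed to be request-influenced.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return a malloc'd copy of s with HTML metacharacters replaced by
 * entities, or NULL on failure. The caller frees the result. */
char *html_encode_copy(const char *s)
{
   size_t len = strlen(s);
   char *out, *p;

   /* Worst case: every byte expands to "&quot;" (6 bytes). */
   if (len > (SIZE_MAX - 1) / 6) return NULL;
   p = out = malloc(len * 6 + 1);
   if (out == NULL) return NULL;

   for (; *s != '\0'; s++)
   {
      const char *rep = NULL;
      switch (*s)
      {
         case '&':  rep = "&amp;";  break;
         case '<':  rep = "&lt;";   break;
         case '>':  rep = "&gt;";   break;
         case '"':  rep = "&quot;"; break;
         case '\'': rep = "&#39;";  break;
      }
      if (rep != NULL) { size_t n = strlen(rep); memcpy(p, rep, n); p += n; }
      else { *p++ = *s; }
   }
   *p = '\0';
   return out;
}

/* Build a "template missing" error body (hypothetical helper). The name
 * is encoded first, so markup in it is shown as text, not interpreted. */
char *no_template_error_body(const char *template_name)
{
   static const char fmt[] =
      "<html><body><p>Could not load template <code>%s</code>.</p></body></html>";
   char *encoded = html_encode_copy(template_name);
   char *body = NULL;

   if (encoded != NULL)
   {
      size_t size = sizeof(fmt) + strlen(encoded);
      body = malloc(size);
      if (body != NULL) snprintf(body, size, fmt, encoded);
   }
   free(encoded); /* released on both the success and the error path */
   return body;
}
```

The single `free(encoded)` after the branch also illustrates the pattern behind the three leak fixes: temporary allocations are released on the error path as well as on success.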