[SECURITY] Fedora 21 Update: privoxy-3.0.23-1.fc21

updates at fedoraproject.org
Wed Feb 4 07:58:38 UTC 2015


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-1225
2015-01-27 00:11:13
--------------------------------------------------------------------------------

Name        : privoxy
Product     : Fedora 21
Version     : 3.0.23
Release     : 1.fc21
URL         : http://www.privoxy.org/
Summary     : Privacy enhancing proxy
Description :
Privoxy is a web proxy with advanced filtering capabilities for
protecting privacy, filtering web page content, managing cookies,
controlling access, and removing ads, banners, pop-ups and other
obnoxious Internet junk. Privoxy has a very flexible configuration and
can be customized to suit individual needs and tastes. Privoxy has application
for both stand-alone systems and multi-user networks.

Privoxy is based on the Internet Junkbuster.

--------------------------------------------------------------------------------
Update Information:

It was reported [1] that Privoxy 3.0.23 contains fixes for the following security issues:

- Fixed a DoS issue in case of client requests with incorrect
  chunk-encoded body. When compiled with assertions enabled
  (the default) they could previously cause Privoxy to abort().
  Reported by Matthew Daley.
  http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/jcc.c?r1=1.433&r2=1.434

- Fixed multiple segmentation faults and memory leaks in the
  pcrs code. This fix also increases the chances that an invalid
  pcrs command is rejected as such. Previously some invalid commands
  would be loaded without error. Note that Privoxy's pcrs sources
  (action and filter files) are considered trustworthy input and
  should not be writable by untrusted third-parties.
  http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/pcrs.c?r1=1.46&r2=1.47

- Fixed an 'invalid read' bug which could at least theoretically
  cause Privoxy to crash.
  http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.297&r2=1.298

[1]: http://seclists.org/oss-sec/2015/q1/259
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 26 2015 Jon Ciesla <limburgher at gmail.com> - 3.0.23-1
- Latest upstream, BZ 1185925.
* Fri Nov 21 2014 Jon Ciesla <limburgher at gmail.com> - 3.0.22-1
- Latest upstream, BZ 166398.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1185926 - privoxy: security fixes in 3.0.23 [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1185926
  [ 2 ] Bug #1185925 - privoxy: security fixes in 3.0.23 [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1185925
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update privoxy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
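
The update information above notes that Privoxy's action and filter files are trusted input and should not be writable by untrusted third parties. The following check for that is an added example, not part of the Fedora notification or of Privoxy; the function names are hypothetical, and it assumes the configuration lives in /etc/privoxy and that the trusted owner is uid 0 (both can be overridden as arguments).

```shell
#!/bin/sh
# Added example: list Privoxy action/filter files, and the directories holding
# them, that someone other than the trusted owner could modify.
# Assumptions: config directory defaults to /etc/privoxy, trusted owner to uid 0.

# Prints one path per line for every finding:
#   - a directory or *.action / *.filter file not owned by the trusted owner
#   - a directory or *.action / *.filter file writable by group or others
#   - a *.action / *.filter symlink (its target is outside what is inspected)
# Returns 2 if the directory does not exist.
privoxy_untrusted_writable() {
    dir=${1:-/etc/privoxy}
    owner=${2:-0}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    find "$dir" \( -type d -o -name '*.action' -o -name '*.filter' \) \
        \( -type l -o ! -user "$owner" -o -perm -020 -o -perm -002 \) -print
}

# Returns 0 when there are no findings, 1 when there are, 2 on error.
privoxy_config_is_locked_down() {
    out=$(privoxy_untrusted_writable "$@") || return 2
    [ -z "$out" ]
}

# Usage (as root, after updating):
#   privoxy_untrusted_writable               # inspect /etc/privoxy
#   privoxy_untrusted_writable /path/to/dir  # inspect another directory
```

No output means every inspected file and directory is owned by the trusted owner and writable only by it.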