ArchLinux: 201601-27: privoxy: denial of service
Summary
- CVE-2016-1982 (denial of service)
A vulnerability was discovered in the way privoxy handles corrupted
chunk-encoded content. Maliciously crafted input can result in a
remote denial of service.
- CVE-2016-1983 (denial of service)
A vulnerability was found in the way privoxy processes specific client
requests. A request with an empty "Host" header could result in an
invalid read.
Resolution
Upgrade to 3.0.24-1.
# pacman -Syu "privoxy>=3.0.24-1"
The problems have been fixed upstream in version 3.0.24.
References
https://access.redhat.com/security/cve/CVE-2016-1982
https://access.redhat.com/security/cve/CVE-2016-1983
https://seclists.org/oss-sec/2016/q1/179
Workaround
None.