Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201601-27 ========================================= Severity: Medium Date : 2016-01-25 CVE-ID : CVE-2016-1982 CVE-2016-1983 Package : privoxy Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package privoxy before version 3.0.24-1 is vulnerable to denial of service. Resolution ========= Upgrade to 3.0.24-1. # pacman -Syu "privoxy>=3.0.24-1" The problems have been fixed upstream in version 3.0.24. Workaround ========= None. Description ========== - CVE-2016-1982 (denial of service) A vulnerability was discovered in a way the privoxy deals with corrupted chunk-encoded content. A maliciously crafted input can result in a remote denial of service. - CVE-2016-1983 (denial of service) A vulnerability was found in a way the privoxy processes specific client requests. A request with "Host" header empty could result in an invalid read. Impact ===== A remote attacker is able to craft special input that, when processed, is leading to denial of service. References ========= https://access.redhat.com/security/cve/CVE-2016-1982 https://access.redhat.com/security/cve/CVE-2016-1983 https://seclists.org/oss-sec/2016/q1/179