openSUSE Security Update: Security update for privoxy
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:0006-1
Rating:             moderate
References:         #1157449 
Affected Products:
                    openSUSE Leap 15.2
                    openSUSE Leap 15.1
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   This update for privoxy fixes the following issues:

   privoxy was updated to 3.0.29:

   * Fixed memory leaks when a response is buffered and the buffer limit is
     reached or Privoxy is running out of memory. OVE-20201118-0001
   * Fixed a memory leak in the show-status CGI handler when no action files
     are configured OVE-20201118-0002
   * Fixed a memory leak in the show-status CGI handler when no filter files
     are configured OVE-20201118-0003
   * Fixes a memory leak when client tags are active OVE-20201118-0004
   * Fixed a memory leak if multiple filters are executed and the last one is
     skipped due to a pcre error OVE-20201118-0005
   * Prevent an unlikely dereference of a NULL-pointer that could result in a
     crash if accept-intercepted-requests was enabled, Privoxy failed to get
     the request destination from the Host header and a memory allocation
     failed. OVE-20201118-0006
   * Fixed memory leaks in the client-tags CGI handler when client tags are
     configured and memory allocations fail. OVE-20201118-0007
   * Fixed memory leaks in the show-status CGI handler when memory
     allocations fail OVE-20201118-0008
   * Add experimental https inspection support
   * Use JIT compilation for static filtering for speedup
   * Add support for Brotli decompression, add 'no-brotli-accepted' filter
     which prevents the use of Brotli compression
   * Add feature to gather extended statistics
   * Use IP_FREEBIND socket option to help with failover
   * Allow to use extended host patterns and vanilla host patterns at the
     same time by prefixing extended host patterns with "PCRE-HOST-PATTERN:"
   * Added "Cross-origin resource sharing" (CORS) support
   * Add SOCKS5 username/password support
   * Bump the maximum number of action and filter files to 100 each
   * Fixed handling of filters with "split-large-forms 1" when using the CGI
     editor.
   * Better detect a mismatch of connection details when figuring out whether
     or not a connection can be reused
   * Don't send a "Connection failure" message instead of the "DNS failure"
     message
   * Let LOG_LEVEL_REQUEST log all requests
   * Improvements to default Action file

   License changed to GPLv3.

   - remove packaging vulnerability boo#1157449


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.2:

      zypper in -t patch openSUSE-2021-6=1

   - openSUSE Leap 15.1:

      zypper in -t patch openSUSE-2021-6=1



Package List:

   - openSUSE Leap 15.2 (noarch):

      privoxy-doc-3.0.29-lp152.3.3.1

   - openSUSE Leap 15.2 (x86_64):

      privoxy-3.0.29-lp152.3.3.1
      privoxy-debuginfo-3.0.29-lp152.3.3.1
      privoxy-debugsource-3.0.29-lp152.3.3.1

   - openSUSE Leap 15.1 (noarch):

      privoxy-doc-3.0.29-lp151.2.3.1

   - openSUSE Leap 15.1 (x86_64):

      privoxy-3.0.29-lp151.2.3.1
      privoxy-debuginfo-3.0.29-lp151.2.3.1
      privoxy-debugsource-3.0.29-lp151.2.3.1
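
   To confirm that a host carries the fixed build after patching, the
   following check can be used. It is an added example, not part of the
   original announcement; the function names are hypothetical and GNU
   "sort -V" is assumed as an approximation of rpm's version ordering.

```shell
#!/bin/sh
# Fixed builds, copied from the Package List of this advisory.
FIXED_LEAP_152='3.0.29-lp152.3.3.1'
FIXED_LEAP_151='3.0.29-lp151.2.3.1'

# fixed_build_for VERSION_ID: print the fixed VERSION-RELEASE for a Leap
# release, or return 1 if the release is not covered by this advisory.
fixed_build_for() {
    case $1 in
        15.2) echo "$FIXED_LEAP_152" ;;
        15.1) echo "$FIXED_LEAP_151" ;;
        *)    return 1 ;;
    esac
}

# privoxy_is_fixed HAVE WANT: return 0 when HAVE sorts at or after WANT.
# Assumption: GNU sort -V approximates rpm's version comparison here.
privoxy_is_fixed() {
    have=$1
    want=$2
    [ -n "$have" ] || return 2
    lowest=$(printf '%s\n%s\n' "$have" "$want" | sort -V | head -n 1)
    [ "$lowest" = "$want" ]
}

# check_host: compare the locally installed privoxy with the fixed build.
check_host() {
    . /etc/os-release    # provides VERSION_ID, e.g. 15.2
    fixed=$(fixed_build_for "$VERSION_ID") || {
        echo "Leap $VERSION_ID is not covered by this advisory"; return 2; }
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}' privoxy) || {
        echo "privoxy is not installed"; return 0; }
    if privoxy_is_fixed "$installed" "$fixed"; then
        echo "OK: privoxy $installed is at or above $fixed"
    else
        echo "privoxy $installed predates $fixed; run: zypper in -t patch openSUSE-2021-6=1"
        return 1
    fi
}

# Query the local host only when asked to: sh check.sh --check
if [ "${1:-}" = "--check" ]; then check_host; fi
```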


References:

   https://bugzilla.suse.com/1157449

openSUSE: 2021:0006-1 moderate: privoxy

January 1, 2021