Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 735
Alerts This Week
Warning Icon 1 735

openSUSE: 2024:0119-1 Important Update for Tinyproxy DoS Threat

opensuse
Calendar Grey May 10, 2024
Dist Opensuse Esm H88
Essential updates for tinyproxy on openSUSE are now accessible; address various vulnerabilities quickly to ensure system integrity.
An update that fixes 5 vulnerabilities is now available

Description

This update for tinyproxy fixes the following issues:

- Update to release 1.11.2

* Fix potential use-after-free in header handling [CVE-2023-49606,

boo#1223746]

* Prevent junk from showing up in error page in invalid requests

[CVE-2022-40468, CVE-2023-40533, boo#1223743]

- Move tinyproxy program to /usr/bin.

- Update to release 1.11.1

* New fnmatch based filtertype

- Update to release 1.11

* Support for multiple bind directives.

- update to 1.10.0:

* Configuration file has moved from /etc/tinyproxy.conf to

/etc/tinyproxy/tinyproxy.conf.

* Add support for basic HTTP authentication

* Add socks upstream support

* Log to stdout if no logfile is specified

* Activate reverse proxy by default

* Support bind with transparent mode

* Allow multiple listen statements in the configuration

* Fix CVE-2017-11747: Create PID file before dropping privileges.

* Fix CVE-2012-3505: algorithmic...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP5:

zypper in -t patch openSUSE-2024-119=1

Package List

- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):

tinyproxy-1.11.2-bp155.3.3.1

References

https://www.suse.com/security/cve/CVE-2012-3505.html

https://www.suse.com/security/cve/CVE-2017-11747.html

https://www.suse.com/security/cve/CVE-2022-40468.html

https://www.suse.com/security/cve/CVE-2023-40533.html

https://www.suse.com/security/cve/CVE-2023-49606.html

https://bugzilla.suse.com/1200028

https://bugzilla.suse.com/1203553

https://bugzilla.suse.com/1223743

https://bugzilla.suse.com/1223746

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2024:0119-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP5 .

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.