Ubuntu 14.04 LTS: USN-7140-2 moderate: tinyproxy sensitive data leak
ubuntu
January 6, 2025
tinyproxy could be made to expose sensitive information.
Summary
tinyproxy could be made to expose sensitive information.
Software Description:
- tinyproxy: Lightweight, non-caching, optionally anonymizing HTTP proxy
Details:
USN-7140-1 fixed CVE-2022-40468 in tinyproxy. This update provides the
corresponding update for Ubuntu 14.04 LTS.
Original advisory details:
It was discovered that Tinyproxy did not properly manage memory under
certain circumstances. An attacker could possibly use this issue to leak
left-over heap data if custom error page templates containing special
non-standard variables are used.
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS tinyproxy 1.8.3-3ubuntu14.04.1~esm2 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-7140-2
https://ubuntu.com/security/notices/USN-7140-1
CVE-2022-40468
PREVIOUS
NEXT
Ubuntu Security Notice USN-7140-2
Topics Covered
Package Information
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!