Several security issues were fixed in Privoxy.

=========================================================================
Ubuntu Security Notice USN-5826-1
January 25, 2023

privoxy vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Privoxy.

Software Description:
- privoxy: Privacy enhancing HTTP Proxy

Details:

Joshua Rogers discovered that Privoxy incorrectly handled memory allocation. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-44540)

Artem Ivanov discovered that Privoxy incorrectly handled input validations. An attacker could possibly use this issue to perform cross-site scripting (XSS) attacks. (CVE-2021-44543)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS:
  privoxy 3.0.28-2ubuntu0.2

Ubuntu 18.04 LTS:
  privoxy 3.0.26-5ubuntu0.3

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5826-1
  CVE-2021-44540, CVE-2021-44543

Severity: Critical
LinuxSecurity.com Team

An update that fixes four vulnerabilities is now available.

   openSUSE Security Update: Security update for privoxy
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:10186-1
Rating:             important
References:         #1193584
Cross-References:   CVE-2021-44540 CVE-2021-44541 CVE-2021-44542 CVE-2021-44543
CVSS scores:
                    CVE-2021-44540 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-44541 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-44542 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-44543 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
                    openSUSE Backports SLE-15-SP4
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for privoxy fixes the following issues:

privoxy was updated to 3.0.33 (boo#1193584):

* CVE-2021-44543: Encode the template name to prevent XSS (cross-site scripting) when Privoxy is configured to serve the user-manual itself
* CVE-2021-44540: Free memory of compiled pattern spec before bailing
* CVE-2021-44541: Free header memory when failing to get the request destination.
* CVE-2021-44542: Prevent memory leaks when handling errors
* Disable fast-redirects for a number of domains
* Update default block lists
* Many bug fixes and minor enhancements

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP4:

    zypper in -t patch openSUSE-2022-10186=1

Package List:

- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):

    privoxy-3.0.33-bp154.3.3.1

- openSUSE Backports SLE-15-SP4 (noarch):

    privoxy-doc-3.0.33-bp154.3.3.1

References:

  https://www.suse.com/security/cve/CVE-2021-44540.html
  https://www.suse.com/security/cve/CVE-2021-44541.html
  https://www.suse.com/security/cve/CVE-2021-44542.html
  https://www.suse.com/security/cve/CVE-2021-44543.html
  https://bugzilla.suse.com/1193584

Severity: Important
LinuxSecurity.com Team

An update that fixes four vulnerabilities is now available.

   openSUSE Security Update: Security update for privoxy
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:1646-1
Rating:             important
References:         #1193584
Cross-References:   CVE-2021-44540 CVE-2021-44541 CVE-2021-44542 CVE-2021-44543
Affected Products:
                    openSUSE Leap 15.2
                    openSUSE Backports SLE-15-SP3
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for privoxy fixes the following issues:

privoxy was updated to 3.0.33 (boo#1193584):

* CVE-2021-44543: Encode the template name to prevent XSS (cross-site scripting) when Privoxy is configured to serve the user-manual itself
* CVE-2021-44540: Free memory of compiled pattern spec before bailing
* CVE-2021-44541: Free header memory when failing to get the request destination.
* CVE-2021-44542: Prevent memory leaks when handling errors
* Disable fast-redirects for a number of domains
* Update default block lists
* Many bug fixes and minor enhancements

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

    zypper in -t patch openSUSE-2021-1646=1

- openSUSE Backports SLE-15-SP3:

    zypper in -t patch openSUSE-2021-1646=1

Package List:

- openSUSE Leap 15.2 (x86_64):

    privoxy-3.0.33-lp152.3.12.1
    privoxy-debuginfo-3.0.33-lp152.3.12.1
    privoxy-debugsource-3.0.33-lp152.3.12.1

- openSUSE Leap 15.2 (noarch):

    privoxy-doc-3.0.33-lp152.3.12.1

- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64):

    privoxy-3.0.33-bp153.2.3.1

- openSUSE Backports SLE-15-SP3 (noarch):

    privoxy-doc-3.0.33-bp153.2.3.1

References:

  https://www.suse.com/security/cve/CVE-2021-44540.html
  https://www.suse.com/security/cve/CVE-2021-44541.html
  https://www.suse.com/security/cve/CVE-2021-44542.html
  https://www.suse.com/security/cve/CVE-2021-44543.html
  https://bugzilla.suse.com/1193584

Severity: Important
LinuxSecurity.com Team

Updated privoxy packages fix security vulnerabilities: A security issue has been found in Privoxy before version 3.0.33. get_url_spec_param() did not free memory of compiled pattern spec before bailing (CVE-2021-44540).

MGASA-2021-0570 - Updated privoxy packages fix security vulnerabilities

Publication date: 19 Dec 2021
URL: https://advisories.mageia.org/MGASA-2021-0570.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-44540, CVE-2021-44541, CVE-2021-44542, CVE-2021-44543

Updated privoxy packages fix security vulnerabilities:

A security issue has been found in Privoxy before version 3.0.33. get_url_spec_param() did not free memory of compiled pattern spec before bailing (CVE-2021-44540).

A security issue has been found in Privoxy before version 3.0.33. process_encrypted_request_headers() did not free header memory when failing to get the request destination (CVE-2021-44541).

A security issue has been found in Privoxy before version 3.0.33. send_http_request() leaked memory when handling errors (CVE-2021-44542).

A security issue has been found in Privoxy before version 3.0.33. cgi_error_no_template() did not encode the template name, which could lead to cross-site scripting when Privoxy is configured to serve the user-manual itself (CVE-2021-44543).

References:
- https://bugs.mageia.org/show_bug.cgi?id=29745
- http://www.privoxy.org/announce.txt
- https://www.cve.org/CVERecord?id=CVE-2021-44540
- https://www.cve.org/CVERecord?id=CVE-2021-44541
- https://www.cve.org/CVERecord?id=CVE-2021-44542
- https://www.cve.org/CVERecord?id=CVE-2021-44543

SRPMS:
- 8/core/privoxy-3.0.32-1.1.mga8

LinuxSecurity.com Team

Artem Ivanov and Joshua Rogers found an XSS and a DOS issue, respectively, affecting src:privoxy, a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data and HTTP headers, controlling access, and removing .

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-2844-1

Multiple vulnerabilities have been found in Privoxy, the worst of which could result in Denial of Service.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202107-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Privoxy: Multiple vulnerabilities
     Date: July 08, 2021
     Bugs: #758428, #768096, #771960
       ID: 202107-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Privoxy, the worst of which could result in Denial of Service.

Background
==========

Privoxy is a web proxy with advanced filtering capabilities for enhancing privacy.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-proxy/privoxy          < 3.0.32                    >= 3.0.32

Description
===========

Multiple vulnerabilities have been discovered in privoxy. Please review the CVE identifiers referenced below for details.

Impact
======

An attacker could cause a possible Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Privoxy users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-proxy/privoxy-3.0.32"

References
==========

[ 1 ] CVE-2020-35502
      https://nvd.nist.gov/vuln/detail/CVE-2020-35502
[ 2 ] CVE-2021-20209
      https://nvd.nist.gov/vuln/detail/CVE-2021-20209
[ 3 ] CVE-2021-20210
      https://nvd.nist.gov/vuln/detail/CVE-2021-20210
[ 4 ] CVE-2021-20211
      https://nvd.nist.gov/vuln/detail/CVE-2021-20211
[ 5 ] CVE-2021-20212
      https://nvd.nist.gov/vuln/detail/CVE-2021-20212
[ 6 ] CVE-2021-20213
      https://nvd.nist.gov/vuln/detail/CVE-2021-20213
[ 7 ] CVE-2021-20214
      https://nvd.nist.gov/vuln/detail/CVE-2021-20214
[ 8 ] CVE-2021-20215
      https://nvd.nist.gov/vuln/detail/CVE-2021-20215
[ 9 ] CVE-2021-20216
      https://nvd.nist.gov/vuln/detail/CVE-2021-20216
[ 10 ] CVE-2021-20217
       https://nvd.nist.gov/vuln/detail/CVE-2021-20217
[ 11 ] CVE-2021-20272
       https://nvd.nist.gov/vuln/detail/CVE-2021-20272
[ 12 ] CVE-2021-20273
       https://nvd.nist.gov/vuln/detail/CVE-2021-20273
[ 13 ] CVE-2021-20274
       https://nvd.nist.gov/vuln/detail/CVE-2021-20274
[ 14 ] CVE-2021-20275
       https://nvd.nist.gov/vuln/detail/CVE-2021-20275
[ 15 ] CVE-2021-20276
       https://nvd.nist.gov/vuln/detail/CVE-2021-20276

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/202107-16

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to

Updated privoxy package fixes security vulnerabilities: The privoxy package has been updated to version 3.0.32, fixing five security issues and several other bugs.

MGASA-2021-0166 - Updated privoxy packages fix security vulnerabilities

Publication date: 02 Apr 2021
URL: https://advisories.mageia.org/MGASA-2021-0166.html
Type: security
Affected Mageia releases: 7, 8

Updated privoxy package fixes security vulnerabilities:

The privoxy package has been updated to version 3.0.32, fixing five security issues and several other bugs.

References:
- https://bugs.mageia.org/show_bug.cgi?id=28456
- https://lists.privoxy.org/pipermail/privoxy-announce/2021-February/000007.html

SRPMS:
- 8/core/privoxy-3.0.32-1.mga8
- 7/core/privoxy-3.0.32-1.mga7

LinuxSecurity.com Team

Several security issues were fixed in Privoxy.

=========================================================================
Ubuntu Security Notice USN-4886-1
March 22, 2021

privoxy vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in Privoxy.

Software Description:
- privoxy: Privacy enhancing HTTP Proxy

Details:

It was discovered that Privoxy incorrectly handled CGI requests. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2020-35502, CVE-2021-20209, CVE-2021-20210, CVE-2021-20213, CVE-2021-20215, CVE-2021-20216, CVE-2021-20217, CVE-2021-20272, CVE-2021-20273, CVE-2021-20275)

It was discovered that Privoxy incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2021-20212, CVE-2021-20276)

It was discovered that Privoxy incorrectly handled client tags. An attacker could possibly use this issue to cause Privoxy to consume resources, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2021-20211)

It was discovered that Privoxy incorrectly handled client tags. An attacker could possibly use this issue to cause Privoxy to consume resources, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2021-20214)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.10:
  privoxy 3.0.28-3ubuntu0.1

Ubuntu 20.04 LTS:
  privoxy 3.0.28-2ubuntu0.1

Ubuntu 18.04 LTS:
  privoxy 3.0.26-5ubuntu0.1

Ubuntu 16.04 LTS:
  privoxy 3.0.24-1ubuntu0.1

Ubuntu 14.04 ESM:
  privoxy 3.0.21-7+deb8u1ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4886-1
  CVE-2020-35502, CVE-2021-20209, CVE-2021-20210, CVE-2021-20211, CVE-2021-20212, CVE-2021-20213, CVE-2021-20214, CVE-2021-20215, CVE-2021-20216, CVE-2021-20217, CVE-2021-20272, CVE-2021-20273, CVE-2021-20275, CVE-2021-20276

Package Information:
  https://launchpad.net/ubuntu/+source/privoxy/3.0.28-3ubuntu0.1
  https://launchpad.net/ubuntu/+source/privoxy/3.0.28-2ubuntu0.1
  https://launchpad.net/ubuntu/+source/privoxy/3.0.26-5ubuntu0.1
  https://launchpad.net/ubuntu/+source/privoxy/3.0.24-1ubuntu0.1

Severity: Critical
LinuxSecurity.com Team