 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.856122 |
| Categoría: | openSUSE Local Security Checks |
| Título: | openSUSE Security Advisory (openSUSE-SU-2024:0119-1) |
| Resumen: | The remote host is missing an update for the 'tinyproxy' package(s) announced via the openSUSE-SU-2024:0119-1 advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'tinyproxy' package(s) announced via the openSUSE-SU-2024:0119-1 advisory. Vulnerability Insight: This update for tinyproxy fixes the following issues: - Update to release 1.11.2 * Fix potential use-after-free in header handling [CVE-2023-49606, boo#1223746] * Prevent junk from showing up in error page in invalid requests [CVE-2022-40468, CVE-2023-40533, boo#1223743] - Move tinyproxy program to /usr/bin. - Update to release 1.11.1 * New fnmatch based filtertype - Update to release 1.11 * Support for multiple bind directives. - update to 1.10.0: * Configuration file has moved from /etc/tinyproxy.conf to /etc/tinyproxy/tinyproxy.conf. * Add support for basic HTTP authentication * Add socks upstream support * Log to stdout if no logfile is specified * Activate reverse proxy by default * Support bind with transparent mode * Allow multiple listen statements in the configuration * Fix CVE-2017-11747: Create PID file before dropping privileges. * Fix CVE-2012-3505: algorithmic complexity DoS in hashmap * Bugfixes * BB#110: fix algorithmic complexity DoS in hashmap * BB#106: fix CONNECT requests with IPv6 literal addresses as host * BB#116: fix invalid free for GET requests to ipv6 literal address * BB#115: Drop supplementary groups * BB#109: Fix crash (infinite loop) when writing to log file fails * BB#74: Create log and pid files after we drop privs * BB#83: Use output of id instead of $USER Affected Software/OS: 'tinyproxy' package(s) on openSUSE Leap 15.5. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2012-3505 1027412 http://www.securitytracker.com/id?1027412 50278 http://secunia.com/advisories/50278 51074 http://secunia.com/advisories/51074 DSA-2564 http://www.debian.org/security/2012/dsa-2564 [oss-security] 20120817 CVE request: tinyproxy http://www.openwall.com/lists/oss-security/2012/08/17/3 [oss-security] 20120818 Re: CVE request: tinyproxy http://www.openwall.com/lists/oss-security/2012/08/18/1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685281 https://banu.com/bugzilla/show_bug.cgi?id=110 https://banu.com/bugzilla/show_bug.cgi?id=110#c2 https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985 Common Vulnerability Exposure (CVE) ID: CVE-2017-11747 https://github.com/tinyproxy/tinyproxy/issues/106 https://lists.debian.org/debian-lts-announce/2020/03/msg00037.html Common Vulnerability Exposure (CVE) ID: CVE-2022-40468 https://security.gentoo.org/glsa/202305-27 https://github.com/tinyproxy/tinyproxy https://github.com/tinyproxy/tinyproxy/blob/84f203fb1c4733608c7283bbe794005a469c4b00/src/reqs.c#L346 https://github.com/tinyproxy/tinyproxy/issues/457 https://github.com/tinyproxy/tinyproxy/issues/457#issuecomment-1264176815 Common Vulnerability Exposure (CVE) ID: CVE-2023-40533 Common Vulnerability Exposure (CVE) ID: CVE-2023-49606 https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889 http://www.openwall.com/lists/oss-security/2024/05/07/1 |
| Copyright | Copyright (C) 2024 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |