Test ID: | 1.3.6.1.4.1.25623.1.0.853581 |
Category: | SuSE Local Security Checks |
Title: | openSUSE: Security Advisory for privoxy (openSUSE-SU-2021:0443-1) |
Summary: | The remote host is missing an update for the 'privoxy' package(s) announced via the openSUSE-SU-2021:0443-1 advisory. |
Description: |
Summary: The remote host is missing an update for the 'privoxy' package(s) announced via the openSUSE-SU-2021:0443-1 advisory.

Vulnerability Insight: This update for privoxy fixes the following issues:

Update to version 3.0.32:

- Security/Reliability (boo#1183129)
  - ssplit(): Remove an assertion that could be triggered with a crafted CGI request. Commit 2256d7b4d67. OVE-20210203-0001. CVE-2021-20272 Reported by: Joshua Rogers (Opera)
  - cgi_send_banner(): Overrule invalid image types. Prevents a crash with a crafted CGI request if Privoxy is toggled off. Commit e711c505c48. OVE-20210206-0001. CVE-2021-20273 Reported by: Joshua Rogers (Opera)
  - socks5_connect(): Don't try to send credentials when none are configured. Fixes a crash due to a NULL-pointer dereference when the socks server misbehaves. Commit 85817cc55b9. OVE-20210207-0001. CVE-2021-20274 Reported by: Joshua Rogers (Opera)
  - chunked_body_is_complete(): Prevent an invalid read of size two. Commit a912ba7bc9c. OVE-20210205-0001. CVE-2021-20275 Reported by: Joshua Rogers (Opera)
  - Obsolete pcre: Prevent invalid memory accesses with an invalid pattern passed to pcre_compile(). Note that the obsolete pcre code is scheduled to be removed before the 3.0.33 release. There has been a warning since 2008 already. Commit 28512e5b624. OVE-20210222-0001. CVE-2021-20276 Reported by: Joshua Rogers (Opera)
- Bug fixes:
  - Properly parse the client-tag-lifetime directive. Previously it was not accepted as an obsolete hash value was being used. Reported by: Joshua Rogers (Opera)
  - decompress_iob(): Prevent reading of uninitialized data. Reported by: Joshua Rogers (Opera).
  - decompress_iob(): Don't advance cur past eod when looking for the end of the file name and comment.
  - decompress_iob(): Cast value to unsigned char before shifting. Prevents a left-shift of a negative value which is undefined behaviour. Reported by: Joshua Rogers (Opera)
  - buf_copy(): Fail if there's no data to write or nothing to do. Prevents undefined behaviour 'applying zero offset to null pointer'. Reported by: Joshua Rogers (Opera)
  - log_error(): Treat LOG_LEVEL_FATAL as fatal even when --stfu is being used while fuzzing. Reported by: Jos ...

Description truncated. Please see the references for more information.

Affected Software/OS: 'privoxy' package(s) on openSUSE Leap 15.2.

Solution: Please install the updated package(s).

CVSS Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2021-20272
https://security.gentoo.org/glsa/202107-16
https://bugzilla.redhat.com/show_bug.cgi?id=1936651
https://www.privoxy.org/announce.txt
https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html

Common Vulnerability Exposure (CVE) ID: CVE-2021-20273
https://bugzilla.redhat.com/show_bug.cgi?id=1936658

Common Vulnerability Exposure (CVE) ID: CVE-2021-20274
https://bugzilla.redhat.com/show_bug.cgi?id=1936662

Common Vulnerability Exposure (CVE) ID: CVE-2021-20275
https://bugzilla.redhat.com/show_bug.cgi?id=1936666

Common Vulnerability Exposure (CVE) ID: CVE-2021-20276
https://bugzilla.redhat.com/show_bug.cgi?id=1936668 |
Copyright | Copyright (C) 2021 Greenbone Networks GmbH |