All errata/sisyphus/ALT-PU-2015-1335-1
ALT-PU-2015-1335-1

Package update privoxy in branch sisyphus

Version3.0.23-alt1
Task#142399
Published2015-03-29
Max severityHIGH
Severity:

Closed issues (6)

CVE-2015-1030
MEDIUM5.0

Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached.

Published: 2015-01-20Modified: 2025-04-12
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
References
CVE-2015-1031
HIGH7.5

Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) "two additional unconfirmed use-after-free complaints made by Coverity scan." NOTE: some of these details are obtained from third party information.

Published: 2015-02-10Modified: 2025-04-12
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
References
CVE-2015-1201
MEDIUM5.0

Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published: 2015-01-20Modified: 2025-04-12
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
References
CVE-2015-1380
MEDIUM5.0

jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body.

Published: 2015-02-03Modified: 2025-04-12
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
References
CVE-2015-1381
MEDIUM5.0

Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors.

Published: 2015-02-03Modified: 2025-04-12
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
References
CVE-2015-1382
MEDIUM5.0

parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header.

Published: 2015-02-03Modified: 2025-04-12
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
References