ALT-PU-2015-1335-1

Обновление пакета privoxy в ветке sisyphus

Версия3.0.23-alt1

Задание#142399

Опубликовано2015-03-29

Макс. серьёзностьHIGH

Серьёзность:

Закрытые проблемы (6)

CVE-2015-1030

MEDIUM5.0

Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached.

Опубликовано: 2015-01-20Изменено: 2025-04-12

CVSS 2.0СРЕДНЯЯ 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

Ссылки

CVE-2015-1031

HIGH7.5

Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) "two additional unconfirmed use-after-free complaints made by Coverity scan." NOTE: some of these details are obtained from third party information.

Опубликовано: 2015-02-10Изменено: 2025-04-12

CVSS 2.0ВЫСОКАЯ 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

Ссылки

CVE-2015-1201

MEDIUM5.0

Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Опубликовано: 2015-01-20Изменено: 2025-04-12

CVSS 2.0СРЕДНЯЯ 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

Ссылки

CVE-2015-1380

MEDIUM5.0

jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body.

Опубликовано: 2015-02-03Изменено: 2025-04-12

CVSS 2.0СРЕДНЯЯ 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

Ссылки

CVE-2015-1381

MEDIUM5.0

Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors.

Опубликовано: 2015-02-03Изменено: 2025-04-12

CVSS 2.0СРЕДНЯЯ 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

Ссылки

CVE-2015-1382

MEDIUM5.0

parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header.

Опубликовано: 2015-02-03Изменено: 2025-04-12

CVSS 2.0СРЕДНЯЯ 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

Ссылки