Bug 1169213 (CVE-2015-1030)

Summary: CVE-2015-1030 privoxy: potential flaws fixed in version 3.0.22
Product: [Other] Security Response
Reporter: Murray McAllister <mmcallis>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX
Severity: medium
Priority: medium
Version: unspecified
CC: carnil, gwync, jrusnack, karsten, sisharma, vkaigoro
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: privoxy 3.0.22
Doc Type: Bug Fix
Last Closed: 2015-03-19 10:14:58 UTC
Bug Blocks: 1169216

Description Murray McAllister 2014-12-01 04:30:08 UTC
The 3.0.22 release of Privoxy fixes the following potential flaws:

""
Fixed a memory leak when rejecting client connections due to
the socket limit being reached (CID 66382). This affected
Privoxy 3.0.21 when compiled with IPv6 support (on most
platforms this is the default).

Fixed an immediate-use-after-free bug (CID 66394) and two
additional unconfirmed use-after-free complaints made by
Coverity scan (CID 66391, CID 66376).
""

Version 3.0.22 is already in the Fedora and EPEL 6 testing repositories.

Reference:

http://www.privoxy.org/announce.txt

Comment 3 Martin Prpič 2015-01-12 12:19:18 UTC
(In reply to Murray McAllister from comment #0)
> Fixed a memory leak when rejecting client connections due to
> the socket limit being reached (CID 66382). This affected
> Privoxy 3.0.21 when compiled with IPv6 support (on most
> platforms this is the default).

This was assigned CVE-2015-1030.

> 
> Fixed an immediate-use-after-free bug (CID 66394) and two
> additional unconfirmed use-after-free complaints made by
> Coverity scan (CID 66391, CID 66376).

This was assigned CVE-2015-1031.

http://seclists.org/oss-sec/2015/q1/111

Comment 4 Vasyl Kaigorodov 2015-01-21 11:51:04 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2015-1201 to
the following vulnerability:

Name: CVE-2015-1201
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1201
Assigned: 20150120
Reference: http://secunia.com/advisories/62123

Privoxy before 3.0.22 allows remote attackers to cause a denial of
service (file descriptor consumption) via unspecified vectors.  NOTE:
the provenance of this information is unknown; the details are
obtained solely from third party information.

Comment 5 Siddharth Sharma 2015-02-25 10:03:50 UTC
upstream fixes
==============

CVE-2015-1030
-------------

Fixed a memory leak when rejecting client connections due to
the socket limit being reached (CID 66382). This affected
Privoxy 3.0.21 when compiled with IPv6 support (on most
platforms this is the default).

Links:
http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/cgisimple.c?view=log

http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/cgisimple.c?view=log&pathrev=v_3_0_22

Patch: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/cgisimple.c?view=patch&r1=1.130&r2=1.131&pathrev=v_3_0_22


CVE-2015-1031
-------------

Fixed an immediate-use-after-free bug (CID 66394) and two
additional unconfirmed use-after-free complaints made by
Coverity scan (CID 66391, CID 66376).

Links:

http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/list.c?view=log&pathrev=v_3_0_22

Patch: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/list.c?view=patch&r1=1.31&r2=1.32&pathrev=v_3_0_22

Comment 6 Vasyl Kaigorodov 2015-03-18 12:57:27 UTC
CVE-2015-1201 has been split to https://bugzilla.redhat.com/1203237
CVE-2015-1031 has been split to https://bugzilla.redhat.com/1203242