Bug 1203246 (CVE-2015-1381) - CVE-2015-1381 privoxy: denial of service (segmentation faults, memory leaks) issues in pcrs.c
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2015-1381
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1169216
Reported: 2015-03-18 13:05 UTC by Vasyl Kaigorodov
Modified: 2019-09-29 13:30 UTC

Fixed In Version: Privoxy 3.0.23
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-03-19 10:15:29 UTC
Embargoed:


Description Vasyl Kaigorodov 2015-03-18 13:05:33 UTC
Privoxy 3.0.23 fixes the following security issue:

- Fixed multiple segmentation faults and memory leaks in the
  pcrs code. This fix also increases the chances that an invalid
  pcrs command is rejected as such. Previously some invalid commands
  would be loaded without error. Note that Privoxy's pcrs sources
  (action and filter files) are considered trustworthy input and
  should not be writable by untrusted third-parties.
  http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/pcrs.c?r1=1.46&r2=1.47

Original report: http://seclists.org/oss-sec/2015/q1/259
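
Added example, not part of the original report or of Privoxy's code: since the changelog treats action and filter files as trusted input, this check lists any pcrs source file named in a configuration that a user other than its owner could modify. The directive names `confdir`, `actionsfile` and `filterfile`, the resolution of relative names against `confdir`, and the sample files built in `demo()` are assumptions made for the example.

```python
import os
import stat
import tempfile

PCRS_DIRECTIVES = {"actionsfile", "filterfile"}  # directives that name pcrs sources

def pcrs_sources(config_path):
    """Return the action/filter file paths named in a Privoxy-style config."""
    confdir = os.path.dirname(os.path.abspath(config_path))
    names = []
    with open(config_path, encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            parts = raw.split("#", 1)[0].split(None, 1)  # drop comments
            if len(parts) != 2:
                continue
            key, value = parts[0].lower(), parts[1].strip()
            if key == "confdir":
                confdir = value
            elif key in PCRS_DIRECTIVES:
                names.append(value)
    # Assumption: relative names resolve against confdir.
    return [n if os.path.isabs(n) else os.path.join(confdir, n) for n in names]

def loosely_writable(path):
    """True if the file or its parent directory is group- or world-writable."""
    mask = stat.S_IWGRP | stat.S_IWOTH
    return any(os.stat(p).st_mode & mask for p in (path, os.path.dirname(path)))

def audit(config_path):
    """List pcrs sources that someone other than the owner could modify."""
    return [p for p in pcrs_sources(config_path)
            if os.path.exists(p) and loosely_writable(p)]

def demo():
    """Constructed sample: one tight filter file, one world-writable action file."""
    d = tempfile.mkdtemp()
    os.chmod(d, 0o700)
    for name, mode in (("default.filter", 0o644), ("user.action", 0o666)):
        path = os.path.join(d, name)
        with open(path, "w") as fh:
            fh.write("# constructed sample\n")
        os.chmod(path, mode)
    cfg = os.path.join(d, "config")
    with open(cfg, "w") as fh:
        fh.write(f"confdir {d}\nfilterfile default.filter  # ok\nactionsfile user.action\n")
    return [os.path.basename(p) for p in audit(cfg)]

if __name__ == "__main__":
    print(demo())
```

The parent directory is checked as well because write access to it allows the file to be replaced even when the file's own mode is restrictive.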
