A vulnerability was discovered in the way privoxy deals with corrupted chunk-encoded content. A maliciously crafted input can result in a remote denial of service.

CVE assignment: http://seclists.org/oss-sec/2016/q1/179
External reference: http://seclists.org/oss-sec/2016/q1/173
Upstream fix: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/filters.c?r1=1.196&r2=1.197

Created privoxy tracking bugs for this issue:

Affects: fedora-all [bug 1300967]
Affects: epel-6 [bug 1300968]
Affects: epel-7 [bug 1300969]

Buffer over-read issue, possibly leading to a crash.

Privoxy is only included in Red Hat Enterprise Linux 5, which is in Phase 3 of its life cycle, and is therefore not planned to have this issue corrected.
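
The bug class named in this report, shown as an added example (it is not privoxy's code and not the upstream fix): a chunked-body decoder that checks every read against the buffer length, so a corrupted chunk size is rejected instead of being read past the end of the buffer. The name `decode_chunked` and the sample inputs are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from privoxy): decode a chunked body held in
 * buf[0..len) in place. Returns the decoded length, or -1 if corrupt. */
long decode_chunked(char *buf, size_t len)
{
    size_t in = 0, out = 0;
    for (;;) {
        size_t size = 0, digits = 0;
        /* Parse the hex chunk size without looking past len. */
        for (; in < len; in++, digits++) {
            char c = buf[in];
            unsigned v;
            if (c >= '0' && c <= '9') v = (unsigned)(c - '0');
            else if (c >= 'a' && c <= 'f') v = (unsigned)(c - 'a' + 10);
            else if (c >= 'A' && c <= 'F') v = (unsigned)(c - 'A' + 10);
            else break;
            if (size > (len >> 4)) return -1; /* cannot fit in the buffer */
            size = (size << 4) | v;
        }
        if (digits == 0) return -1;
        /* Skip any chunk extension, then require CRLF inside the buffer. */
        while (in < len && buf[in] != '\r') in++;
        if (len - in < 2 || buf[in + 1] != '\n') return -1;
        in += 2;
        if (size == 0) return (long)out;   /* last chunk; trailers ignored */
        /* Chunk data plus its CRLF must lie entirely within the buffer. */
        if (len - in < 2 || size > len - in - 2) return -1;
        memmove(buf + out, buf + in, size);
        out += size;
        in += size;
        if (buf[in] != '\r' || buf[in + 1] != '\n') return -1;
        in += 2;
    }
}

int main(void)
{
    char ok[] = "4\r\nWiki\r\n5\r\npedia\r\n0\r\n\r\n"; /* constructed */
    char bad[] = "8\r\nabc\r\n";   /* constructed: claims 8 bytes, has 3 */
    printf("%ld %ld\n", decode_chunked(ok, sizeof ok - 1),
           decode_chunked(bad, sizeof bad - 1));
    return 0;
}
```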