New subject: [Bug 1193584] VUL-0: CVE-2021-44540: Multiple issues fixed in Privoxy 3.0.33 stable

9 Dec 2021


      http://bugzilla.opensuse.org/show_bug.cgi?id=1193584


            Bug ID: 1193584
           Summary: VUL-0: CVE-2021-44540: Multiple issues fixed in
                    Privoxy 3.0.33 stable
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 15.3
          Hardware: Other
               URL: https://smash.suse.de/issue/316954/
                OS: Other
            Status: NEW
          Severity: Minor
          Priority: P5 - None
         Component: Basesystem
          Assignee: mseben@gmail.com
          Reporter: abergmann@suse.com
        QA Contact: security-team@suse.de
          Found By: Security Response Team
           Blocker: ---

CVE-2021-44540 via oss-sec mailing list

https://seclists.org/oss-sec/2021/q4/148

Multiple issues fixed in Privoxy 3.0.33 stable

- CVE-2021-44540: get_url_spec_param(): Free memory of compiled pattern spec
before bailing.
- CVE-2021-44541: process_encrypted_request_headers(): Free header memory when
failing to get the request destination.
- CVE-2021-44542: send_http_request(): Prevent memory leaks when handling
errors
- CVE-2021-44543: cgi_error_no_template(): Encode the template name to prevent
XSS (cross-site scripting)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug 1193584] New: VUL-0: CVE-2021-44540: Multiple issues fixed in Privoxy 3.0.33 stable

bugzilla_noreply＠suse.com

bugzilla_noreply＠suse.com

bugzilla_noreply＠suse.com

bugzilla_noreply＠suse.com

bugzilla_noreply＠suse.com

bugzilla_noreply＠suse.com

bugzilla_noreply＠suse.com

bugzilla_noreply＠suse.com

tags

participants (1)