openSUSE Security Update: Security update for Privoxy ______________________________________________________________________________
Announcement ID: openSUSE-SU-2016:0311-1 Rating: low References: #963151 #963152 Cross-References: CVE-2016-1982 CVE-2016-1983 Affected Products: openSUSE 13.1 ______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
This update to Privoxy 3.0.24 fixes two minor security issues.
The vulnerabilities should not be exploitable in the binary as compiled in openSUSE.
* CVE-2016-1982: Corrupt chunk-encoded content could cause an invalid read (boo#963151) * CVE-2016-1983: Empty Host headers in client requests could result in invalid reads (boo#963152)
This update also contains general bug fixes and improvements as well as white and blacklist updates.
To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- openSUSE 13.1:
zypper in -t patch 2016-132=1
To bring your system up-to-date, use "zypper patch".
- openSUSE 13.1 (i586 x86_64):
privoxy-3.0.24-2.23.1 privoxy-debuginfo-3.0.24-2.23.1 privoxy-debugsource-3.0.24-2.23.1 privoxy-doc-3.0.24-2.23.1
https://www.suse.com/security/cve/CVE-2016-1982.html https://www.suse.com/security/cve/CVE-2016-1983.html https://bugzilla.suse.com/963151 https://bugzilla.suse.com/963152