——————————————————————————–
Fedora Update Notification
FEDORA-2015-1176
2015-01-27 00:09:22
——————————————————————————–
Name : privoxy
Product : Fedora 20
Version : 3.0.23
Release : 1.fc20
URL : http://www.privoxy.org/
Summary : Privacy enhancing proxy
Description :
Privoxy is a web proxy with advanced filtering capabilities for
protecting privacy, filtering web page content, managing cookies,
controlling access, and removing ads, banners, pop-ups and other
obnoxious Internet junk. Privoxy has a very flexible configuration and
can be customized to suit individual needs and tastes. Privoxy has application
for both stand-alone systems and multi-user networks.
Privoxy is based on the Internet Junkbuster.
——————————————————————————–
Update Information:
It was reported [1] that Privoxy 3.0.23 contains fixes for the following security issues:
– Fixed a DoS issue in case of client requests with incorrect
chunk-encoded body. When compiled with assertions enabled
(the default) they could previously cause Privoxy to abort().
Reported by Matthew Daley.
http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/jcc.c?r1=1.433&r2=1.434
– Fixed multiple segmentation faults and memory leaks in the
pcrs code. This fix also increases the chances that an invalid
pcrs command is rejected as such. Previously some invalid commands
would be loaded without error. Note that Privoxy’s pcrs sources
(action and filter files) are considered trustworthy input and
should not be writable by untrusted third-parties.
http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/pcrs.c?r1=1.46&r2=1.47
– Fixed an ‘invalid read’ bug which could at least theoretically
cause Privoxy to crash.
http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.297&r2=1.298
[1]: http://seclists.org/oss-sec/2015/q1/259
——————————————————————————–
ChangeLog:
* Mon Jan 26 2015 Jon Ciesla <limburgher@gmail.com> – 3.0.23-1
– Latest upstream, BZ 1185925.
* Fri Nov 21 2014 Jon Ciesla <limburgher@gmail.com> – 3.0.22-1
– Latest upstream, BZ 166398.
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 3.0.21-8
– Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 3.0.21-7
– Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
——————————————————————————–
References:
[ 1 ] Bug #1185926 – privoxy: security fixes in 3.0.23 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1185926
[ 2 ] Bug #1185925 – privoxy: security fixes in 3.0.23 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1185925
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update privoxy’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
——————————————————————————–
Fedora Update Notification
FEDORA-2015-1225
2015-01-27 00:11:13
——————————————————————————–
Name : privoxy
Product : Fedora 21
Version : 3.0.23
Release : 1.fc21
URL : http://www.privoxy.org/
Summary : Privacy enhancing proxy
Description :
Privoxy is a web proxy with advanced filtering capabilities for
protecting privacy, filtering web page content, managing cookies,
controlling access, and removing ads, banners, pop-ups and other
obnoxious Internet junk. Privoxy has a very flexible configuration and
can be customized to suit individual needs and tastes. Privoxy has application
for both stand-alone systems and multi-user networks.
Privoxy is based on the Internet Junkbuster.
——————————————————————————–
Update Information:
It was reported [1] that Privoxy 3.0.23 contains fixes for the following security issues:
– Fixed a DoS issue in case of client requests with incorrect
chunk-encoded body. When compiled with assertions enabled
(the default) they could previously cause Privoxy to abort().
Reported by Matthew Daley.
http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/jcc.c?r1=1.433&r2=1.434
– Fixed multiple segmentation faults and memory leaks in the
pcrs code. This fix also increases the chances that an invalid
pcrs command is rejected as such. Previously some invalid commands
would be loaded without error. Note that Privoxy’s pcrs sources
(action and filter files) are considered trustworthy input and
should not be writable by untrusted third-parties.
http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/pcrs.c?r1=1.46&r2=1.47
– Fixed an ‘invalid read’ bug which could at least theoretically
cause Privoxy to crash.
http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.297&r2=1.298
[1]: http://seclists.org/oss-sec/2015/q1/259
——————————————————————————–
ChangeLog:
* Mon Jan 26 2015 Jon Ciesla <limburgher@gmail.com> – 3.0.23-1
– Latest upstream, BZ 1185925.
* Fri Nov 21 2014 Jon Ciesla <limburgher@gmail.com> – 3.0.22-1
– Latest upstream, BZ 166398.
——————————————————————————–
References:
[ 1 ] Bug #1185926 – privoxy: security fixes in 3.0.23 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1185926
[ 2 ] Bug #1185925 – privoxy: security fixes in 3.0.23 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1185925
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update privoxy’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce