This script is Copyright (C) 2015 Tenable Network Security, Inc.
The remote openSUSE host is missing a security update.
privoxy was updated to version 3.0.23 to fix three security issues.
These security issues were fixed :
- Fixed a DoS issue in case of client requests with
incorrect chunk-encoded body. When compiled with
assertions enabled (the default) they could previously
cause Privoxy to abort() (CVE-2015-1380).
- Fixed multiple segmentation faults and memory leaks in
the pcrs code. This fix also increases the chances that
an invalid pcrs command is rejected as such
- Client requests with body that can't be delivered no
longer cause pipelined requests behind them to be
rejected as invalid (CVE-2015-1382).
See also :
Update the affected privoxy packages.
Risk factor :
Medium / CVSS Base Score : 5.0