openSUSE Security Update : privoxy (openSUSE-2021-6)

medium Nessus Plugin ID 145283

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for privoxy fixes the following issues:

privoxy was updated to 3.0.29:

- Fixed memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory. OVE-20201118-0001

- Fixed a memory leak in the show-status CGI handler when no action files are configured OVE-20201118-0002

- Fixed a memory leak in the show-status CGI handler when no filter files are configured OVE-20201118-0003

- Fixed a memory leak when client tags are active OVE-20201118-0004

- Fixed a memory leak if multiple filters are executed and the last one is skipped due to a pcre error OVE-20201118-0005

- Prevent an unlikely dereference of a NULL pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed. OVE-20201118-0006

- Fixed memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail. OVE-20201118-0007

- Fixed memory leaks in the show-status CGI handler when memory allocations fail OVE-20201118-0008

- Add experimental https inspection support

- Use JIT compilation for static filtering for speedup

- Add support for Brotli decompression, add 'no-brotli-accepted' filter which prevents the use of Brotli compression

- Add feature to gather extended statistics

- Use IP_FREEBIND socket option to help with failover

- Allow extended host patterns and vanilla host patterns to be used at the same time by prefixing extended host patterns with 'PCRE-HOST-PATTERN:'

- Added 'Cross-origin resource sharing' (CORS) support

- Add SOCKS5 username/password support

- Bump the maximum number of action and filter files to 100 each

- Fixed handling of filters with 'split-large-forms 1' when using the CGI editor.

- Better detect a mismatch of connection details when figuring out whether or not a connection can be reused

- Don't send a 'Connection failure' message instead of the 'DNS failure' message

- Let LOG_LEVEL_REQUEST log all requests

- Improvements to default Action file

License changed to GPLv3.

- remove packaging vulnerability boo#1157449

Solution

Update the affected privoxy packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1157449

Plugin Details

Severity: Medium

ID: 145283

File Name: openSUSE-2021-6.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 1/25/2021

Updated: 1/25/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Vulnerability Information

CPE: cpe:/o:novell:opensuse:15.1, cpe:/o:novell:opensuse:15.2, p-cpe:/a:novell:opensuse:privoxy, p-cpe:/a:novell:opensuse:privoxy-debuginfo, p-cpe:/a:novell:opensuse:privoxy-debugsource

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 1/1/2021

Vulnerability Publication Date: 1/1/2021