openSUSE Security Update : tinyproxy (openSUSE-SU-2013:1201-1)

Medium Nessus Plugin ID 75087


The remote openSUSE host is missing a security update.


Tinyproxy allowed remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of headers or (2) a large number of forged headers that trigger hash collisions predictably. bucket.

This update fixes this by limiting headers and improving the hash keying.


Update the affected tinyproxy packages.

See Also

Plugin Details

Severity: Medium

ID: 75087

File Name: openSUSE-2013-587.nasl

Version: $Revision: 1.1 $

Type: local

Agent: unix

Published: 2014/06/13

Modified: 2014/06/13

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:tinyproxy, p-cpe:/a:novell:opensuse:tinyproxy-debuginfo, p-cpe:/a:novell:opensuse:tinyproxy-debugsource, cpe:/o:novell:opensuse:12.2, cpe:/o:novell:opensuse:12.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2013/07/08

Reference Information

CVE: CVE-2012-3505

OSVDB: 84765