FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

privoxy -- multiple vulnerabilities

Affected packages
privoxy < 3.0.22

Details

VuXML ID 89d4ed09-c3d7-11e5-b5fe-002590263bf5
Discovery 2015-01-10
Entry 2016-01-26

Privoxy Developers reports:

Fixed a memory leak when rejecting client connections due to the socket limit being reached (CID 66382). This affected Privoxy 3.0.21 when compiled with IPv6 support (on most platforms this is the default).

Fixed an immediate-use-after-free bug (CID 66394) and two additional unconfirmed use-after-free complaints made by Coverity scan (CID 66391, CID 66376).

MITRE reports:

Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors.

References

CVE Name CVE-2015-1030
CVE Name CVE-2015-1031
CVE Name CVE-2015-1201
FreeBSD PR ports/195468
URL http://www.openwall.com/lists/oss-security/2015/01/11/1
URL http://www.privoxy.org/3.0.22/user-manual/whatsnew.html