FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

privoxy -- multiple vulnerabilities

Affected packages
privoxy < 3.0.24

Details

VuXML ID a763a0e7-c3d9-11e5-b5fe-002590263bf5
Discovery 2016-01-22
Entry 2016-01-26

Privoxy Developers reports:

Prevent invalid reads in case of corrupt chunk-encoded content. CVE-2016-1982. Bug discovered with afl-fuzz and AddressSanitizer.

Remove empty Host headers in client requests. Previously they would result in invalid reads. CVE-2016-1983. Bug discovered with afl-fuzz and AddressSanitizer.

References

CVE Name CVE-2016-1982
CVE Name CVE-2016-1983
FreeBSD PR ports/206504
URL http://www.openwall.com/lists/oss-security/2016/01/21/4
URL http://www.privoxy.org/3.0.24/user-manual/whatsnew.html