Bug 17566

Summary: privoxy new security issues fixed upstream in 3.0.24 (CVE-2016-1982 and CVE-2016-1983)
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: cjw, cooker, sysadmin-bugs
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/673455/
Whiteboard: has_procedure advisory mga5-64-ok
Source RPM: privoxy-3.0.23-1.mga5.src.rpm CVE:
Status comment:

Description David Walser 2016-01-21 16:18:44 CET 
CVEs have been requested for a couple of security issues fixed in privoxy:
http://openwall.com/lists/oss-security/2016/01/21/4

The issues are fixed in version 3.0.24.

Reproducible: 

Steps to Reproduce:
David Walser 2016-01-21 16:18:55 CET

CC: (none) => cooker
Whiteboard: (none) => MGA5TOO

Comment 1 David Walser 2016-01-22 14:02:59 CET 
CVEs have been assigned:
http://openwall.com/lists/oss-security/2016/01/22/3

Summary: privoxy new security issues fixed upstream in 3.0.24 => privoxy new security issues fixed upstream in 3.0.24 (CVE-2016-1982 and CVE-2016-1983)

Comment 2 David Walser 2016-01-25 20:30:27 CET 
Debian-LTS has issued an advisory for this on January 23:
http://lwn.net/Vulnerabilities/673455/

URL: (none) => http://lwn.net/Vulnerabilities/673455/

Comment 3 David Walser 2016-01-28 13:55:52 CET 
privoxy-3.0.24-1.mga6 uploaded for Cauldron by Christiaan.

Version: Cauldron => 5
Whiteboard: MGA5TOO => (none)

Comment 4 Christiaan Welvaart 2016-01-29 01:33:21 CET 
Updated packages are ready for testing:

MGA5
SRPM:
privoxy-3.0.23-1.1.mga5.src.rpm
RPMS:
privoxy-3.0.23-1.1.mga5.i586.rpm
privoxy-3.0.23-1.1.mga5.x86_64

A test procedure can be found in https://bugs.mageia.org/show_bug.cgi?id=14892#c9


Proposed advisory:

This update fixes two denial-of-service vulnerabilities that have been discovered in privoxy 3.0.23:

The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content. (CVE-2016-1982)

The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header. (CVE-2016-1983)


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1983

CC: (none) => cjw
Assignee: cjw => qa-bugs

Comment 5 claire robinson 2016-02-08 01:37:13 CET 
Testing complete mga5 64 using procedure mentioned to get the blocked page.

Also viewed proxy settings from the link there.

Whiteboard: (none) => has_procedure mga5-64-ok

Comment 6 claire robinson 2016-02-09 12:45:18 CET 
Validating. Advisory uploaded.

Please push to 5 updates, thanks.

Keywords: (none) => validated_update
Whiteboard: has_procedure mga5-64-ok => has_procedure advisory mga5-64-ok
CC: (none) => sysadmin-bugs

Comment 7 Mageia Robot 2016-02-09 14:46:33 CET 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0055.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED