Univention Bugzilla – Bug 52365
libproxy: Multiple issues (4.4)
Last modified: 2020-11-18 16:44:02 CET
New Debian libproxy 0.4.14-2+deb9u2 fixes:
This update addresses the following issue:
* sending more than 102400 bytes in PAC without a Content-Length present could result in buffer overflow (CVE-2020-26154)
--- mirror/ftp/4.4/unmaintained/4.4-6/source/libproxy_0.4.14-2+deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-6/source/libproxy_0.4.14-2+deb9u2.dsc @@ -1,3 +1,8 @@ +0.4.14-2+deb9u2 [Fri, 13 Nov 2020 09:29:43 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: + + * CVE-2020-26154: buffer overflow when receiving a large PAC file with + no Content-Length header. + 0.4.14-2+deb9u1 [Sat, 12 Sep 2020 10:28:31 +0100] Chris Lamb <lamby@debian.org>: * CVE-2020-25219: Prevent a remote denial of service attack that was caused <http://10.200.17.11/4.4-6/#2722234771166671175>
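Review bot: the added 0.4.14-2+deb9u2 changelog entry identifies CVE-2020-26154 only by its symptom ("buffer overflow when receiving a large PAC file with no Content-Length header") and names neither the patch file nor the upstream commit that carries the fix, so the backport cannot be verified from this diff alone. Consider adding that reference to the entry, or attaching the source patch to this bug, so the bounds check on PAC downloads can be reviewed before release.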
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-6] d834e2765f Bug #52365: libproxy 0.4.14-2+deb9u2
 doc/errata/staging/libproxy.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x806>