-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2587-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Abhijith PA March 09, 2021 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : privoxy Version : 3.0.26-3+deb9u2 CVE ID : CVE-2021-20272 CVE-2021-20273 CVE-2021-20275 CVE-2021-20276 Multiple vulnerabilites were discovered in privoxy, a web proxy with advanced filtering capabilities. CVE-2021-20272 An assertion failure could be triggered with a crafted CGI request leading to server crash. CVE-2021-20273 A crash can occur via a crafted CGI request if Privoxy is toggled off. CVE-2021-20275 An invalid read of size two may occur in chunked_body_is_complete() leading to denial of service. CVE-2021-20276 Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service. For Debian 9 stretch, these problems have been fixed in version 3.0.26-3+deb9u2. We recommend that you upgrade your privoxy packages. For the detailed security status of privoxy please refer to its security tracker page at: https://security-tracker.debian.org/tracker/privoxy Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAmBHtbIACgkQhj1N8u2c KO/0Pg//bGq8GoIcW3Q75gd+suPhLU+WoqNrgbAVk3X6iaCTqQfp2fTa390xL51t Lb6enUhD9gnMQWfkyfZImKBjO/WMKkqek+f+iahSN7YdjZ06gQzMlZyGgW6m96xX EzbwW6kJOKKlvZq9wt5uRILZNzfd2k35d2ZKTW7/KFVXqSJegcftgtQYKtvaLLpx PxGGqPJrklKAin04X49Vqmnop9C5LPC/l4VxL1cB5CWXdL5/liDSRCsUTkPIUXej moTF0NfcWVPkB1pnrd9Hagh5jP1YcjklJCBIGOCVlFkyy18lMDqd9aVrQlit+C3p EjfaZpVwUhIj1sH44gG5Y5ary8+QotrGCArcZFpq1TrdYWuylBTA85sylqlg6x9z Wm4XYRLQ31bxOMVm6DZVktBktROt9FBmWCjjay2+/AwO2EAikTwJN0SHMSCqM9se EsGN5Lgkz9+uWvpReQOVs7l1YkM2DyH680cWE4M1JOBts3297DnSUNVCV11jGfW4 c2kRNEYWRtHBipWIhi6DSq8kEGHtRjeqUAe46KdG0VaIFWjjaWxLeBZNBOLXDEvE RcAsUG3W4jiHELFW8hTF7WXic4rkOCNH3qoUZA8m0JjiFMe4YXZ94CmNNG8Zyblc PFP0Zp1AdMtExtzHMQnhKnzWKsF10u3bfd1U9MvCNVzplAMZoT0= =+aeO -----END PGP SIGNATURE-----