Security update for privoxy SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:0265-1 Final 1 1 2021-02-08T17:05:07Z current 2021-02-08T17:05:07Z 2021-02-08T17:05:07Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for privoxy This update for privoxy fixes the following issues: - Update to version 3.0.31: - Security/Reliability (boo#1181650) - Prevent an assertion from getting triggered by a crafted CGI request. Commit 5bba5b89193fa. OVE-20210130-0001. CVE-2021-20217 Reported by: Joshua Rogers (Opera) - Fixed a memory leak when decompression fails 'unexpectedly'. Commit f431d61740cc0. OVE-20210128-0001. CVE-2021-20216 - Bug fixes: - Fixed detection of insufficient data for decompression. Previously Privoxy could try to decompress a partly uninitialized buffer. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-265 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LYXYETZZHYGLBE3WLXSZCYBO5VDRKFDT/ E-Mail link for openSUSE-SU-2021:0265-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1181650 SUSE Bug 1181650 https://www.suse.com/security/cve/CVE-2021-20216/ SUSE CVE CVE-2021-20216 page https://www.suse.com/security/cve/CVE-2021-20217/ SUSE CVE CVE-2021-20217 page openSUSE Leap 15.2 privoxy-3.0.31-lp152.3.6.1 privoxy-doc-3.0.31-lp152.3.6.1 privoxy-3.0.31-lp152.3.6.1 as a component of openSUSE Leap 15.2 privoxy-doc-3.0.31-lp152.3.6.1 as a component of openSUSE Leap 15.2 A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability. CVE-2021-20216 openSUSE Leap 15.2:privoxy-3.0.31-lp152.3.6.1 openSUSE Leap 15.2:privoxy-doc-3.0.31-lp152.3.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LYXYETZZHYGLBE3WLXSZCYBO5VDRKFDT/ https://www.suse.com/security/cve/CVE-2021-20216.html CVE-2021-20216 https://bugzilla.suse.com/1181650 SUSE Bug 1181650 A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system availability. CVE-2021-20217 openSUSE Leap 15.2:privoxy-3.0.31-lp152.3.6.1 openSUSE Leap 15.2:privoxy-doc-3.0.31-lp152.3.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LYXYETZZHYGLBE3WLXSZCYBO5VDRKFDT/ https://www.suse.com/security/cve/CVE-2021-20217.html CVE-2021-20217 https://bugzilla.suse.com/1181650 SUSE Bug 1181650