SUSE Package Hub - openSUSE-2022-10186

Update Info

openSUSE-2022-10186

Security update for privoxy

Type: security

Severity: important

Issued: 2022-11-02

Description:

This update for privoxy fixes the following issues:

privoxy was updated to 3.0.33 (boo#1193584):

* CVE-2021-44543: Encode the template name to prevent XSS
  (cross-side scripting) when Privoxy is configured to servce
  the user-manual itself
* CVE-2021-44540: Free memory of compiled pattern spec
  before bailing
* CVE-2021-44541: Free header memory when failing to get the
  request destination.
* CVE-2021-44542: Prevent memory leaks when handling errors
* Disable fast-redirects for a number of domains
* Update default block lists
* Many bug fixes and minor enhancements

References

CVE: CVE-2021-44543
CVE: CVE-2021-44542
CVE: CVE-2021-44541
CVE: CVE-2021-44540
Bugzilla: 1193584 https://bugzilla.opensuse.org/show_bug.cgi?id=1193584

Packages

privoxy-3.0.33-bp154.3.3.1