SUSE Package Hub - openSUSE-2026-111

Update Info

openSUSE-2026-111

Security update for tinyproxy

Type: security

Severity: important

Issued: 2026-03-31

Description:

This update for tinyproxy fixes the following issues:

- CVE-2026-3945: Fixed denial of service by unauthenticated remote attacker (boo#1261024)

- Update to release 1.11.3
  * conf: add BasicAuthRealm feature
  * basic auth: fix error status 401 vs 407
  * tinyproxy.conf.5: explain what a site_spec looks like
  * tinyproxy.conf.5: add an IPv6 example to allow/deny section
  * reqs: fix integer overflow in port number processing

References

CVE: CVE-2026-3945
Bugzilla: 1261024 VUL-0: CVE-2026-3945: tinyproxy: lack of overflow conditions can allow an unauthenticated remote attacker to cause a denial of service

Packages

tinyproxy-1.11.3-bp157.2.6.1