[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 3892-1] tinyproxy security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3892-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
September 18, 2024                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : tinyproxy
Version        : 1.10.0-5+deb11u1
CVE ID         : CVE-2022-40468 CVE-2023-49606


Two issues have been found in tinyproxy, a lightweight, non-caching, optionally anonymizing HTTP proxy. They are related to an use after free in header parsing of GTTP connections and a potential leak of left-over heap data.


For Debian 11 bullseye, these problems have been fixed in version
1.10.0-5+deb11u1.

We recommend that you upgrade your tinyproxy packages.

For the detailed security status of tinyproxy please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tinyproxy

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmbrQvhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdWGBAAu89i5WfLVg+ZJrsOrprglyFlDOp0MTbUSglV8WoUdVloECqtTtS0ZdVC
qS5c856dSSeEO5cqdHwHZxYxGo5fPBWppdPXY/BgzV94oep+ohnI+QWmz+r7dWVq
SaU4cEO7PKCGuYCmbmX7xi70uOt3B1JHCwGwwTkfTQG4qkR0oFIg0VqmljDOtILu
yS398emjdXkJZjYBpguiX1ymfMK7LVdaW+q/+iN9YhjBjJQrXGQDj7jQKqSQo6F7
lDOUQZzCH/5I9r7lietjcIoLD4Ut+iJBmH6jgcTfjXkbyJdzX3oeQJ3WAHbCYDAr
RSz1+H/rBJLyJcWNqc2EfQVplIBqb7WeBbJ1X97Sf4liiPZFgAuGeYA5EAJAOXVu
78b5K2G3ZamTiSRZGlMJeNpekp5Kv53uotpLrclZSQe9owFQEN36+vFKRKumrhaT
Ang6w2xPNh13nwhOKJqIPql5Doc1lxR5qFf/w+FhyBttsXkoWSZTaQ6d5eXO/Aiz
VnpeH6Y5Bezb97dI9aMrxurd3XN7fySyVdsWmOe+0OHYC2QhrcOKSqyN5qK4eHF8
QOyIs1ZzaW/p7EsWulCKFRe5BWcqNI3FOvlipKIlmsQN6DpRK1ElbalKRcel7jZg
u/WIZuUtzliDRBQakmTjMsbLgDy51w9OQRNVYI5qAWaWy0HI+eM=
=bpxH
-----END PGP SIGNATURE-----


Reply to: