Gentoo Archives: gentoo-announce

From: ajak@g.o
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202107-16 ] Privoxy: Multiple vulnerabilities
Date: Thu, 08 Jul 2021 04:02:26
Message-Id: YOZzElNoae0jaj0q@sol.nexus.lan
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202107-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Privoxy: Multiple vulnerabilities
Date: July 08, 2021
Bugs: #758428, #768096, #771960
ID: 202107-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Privoxy, the worst of which
could result in Denial of Service.

Background
==========

Privoxy is a web proxy with advanced filtering capabilities for
enhancing privacy.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-proxy/privoxy           < 3.0.32                  >= 3.0.32

Description
===========

Multiple vulnerabilities have been discovered in privoxy. Please review
the CVE identifiers referenced below for details.

Impact
======

An attacker could cause a possible Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Privoxy users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-proxy/privoxy-3.0.32"

References
==========

[ 1 ] CVE-2020-35502
      https://nvd.nist.gov/vuln/detail/CVE-2020-35502
[ 2 ] CVE-2021-20209
      https://nvd.nist.gov/vuln/detail/CVE-2021-20209
[ 3 ] CVE-2021-20210
      https://nvd.nist.gov/vuln/detail/CVE-2021-20210
[ 4 ] CVE-2021-20211
      https://nvd.nist.gov/vuln/detail/CVE-2021-20211
[ 5 ] CVE-2021-20212
      https://nvd.nist.gov/vuln/detail/CVE-2021-20212
[ 6 ] CVE-2021-20213
      https://nvd.nist.gov/vuln/detail/CVE-2021-20213
[ 7 ] CVE-2021-20214
      https://nvd.nist.gov/vuln/detail/CVE-2021-20214
[ 8 ] CVE-2021-20215
      https://nvd.nist.gov/vuln/detail/CVE-2021-20215
[ 9 ] CVE-2021-20216
      https://nvd.nist.gov/vuln/detail/CVE-2021-20216
[ 10 ] CVE-2021-20217
       https://nvd.nist.gov/vuln/detail/CVE-2021-20217
[ 11 ] CVE-2021-20272
       https://nvd.nist.gov/vuln/detail/CVE-2021-20272
[ 12 ] CVE-2021-20273
       https://nvd.nist.gov/vuln/detail/CVE-2021-20273
[ 13 ] CVE-2021-20274
       https://nvd.nist.gov/vuln/detail/CVE-2021-20274
[ 14 ] CVE-2021-20275
       https://nvd.nist.gov/vuln/detail/CVE-2021-20275
[ 15 ] CVE-2021-20276
       https://nvd.nist.gov/vuln/detail/CVE-2021-20276

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202107-16

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2021 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature