Medium: privoxy

2016-03-10T16:30:00
ID ALAS-2016-663
Type amazon
Reporter Amazon
Modified 2016-03-10T16:30:00

Description

Issue Overview:

The remove_chunked_transfer_coding function allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content. (CVE-2016-1982 __)

The client_host function in parsers.c allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header. (CVE-2016-1983 __)

Affected Packages:

privoxy

Issue Correction:
Run yum update privoxy to update your system.

New Packages:

i686:  
    privoxy-3.0.23-2.7.amzn1.i686  
    privoxy-debuginfo-3.0.23-2.7.amzn1.i686

src:  
    privoxy-3.0.23-2.7.amzn1.src

x86_64:  
    privoxy-3.0.23-2.7.amzn1.x86_64  
    privoxy-debuginfo-3.0.23-2.7.amzn1.x86_64