privoxy: denial of service

2016-01-25T00:00:00
ID ASA-201601-27
Type archlinux
Reporter Arch Linux
Modified 2016-01-25T00:00:00

Description

  • CVE-2016-1982 (denial of service)

A vulnerability was discovered in a way the privoxy deals with corrupted chunk-encoded content. A maliciously crafted input can result in a remote denial of service.

  • CVE-2016-1983 (denial of service)

A vulnerability was found in a way the privoxy processes specific client requests. A request with "Host" header empty could result in an invalid read.