[SECURITY] [DSA 2222-1] tinyproxy security update

2011-04-2017:16:14

lists.debian.org

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.6%

JSON

Debian Security Advisory DSA-2222-1 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
April 20, 2011 http://www.debian.org/security/faq

Package : tinyproxy
Vulnerability : incorrect ACL processing
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-1499
Debian Bug : 621493

Christoph Martin discovered that incorrect ACL processing in TinyProxy,
a lightweight, non-caching, optionally anonymizing http proxy could
lead to unintended network access rights.

The oldstable distribution (lenny) is not affected.

For the stable distribution (squeeze), this problem has been fixed in
version 1.8.2-1squeeze1.

For the unstable distribution (sid), this problem has been fixed in
version 1.8.2-2

We recommend that you upgrade your tinyproxy packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian6mipstinyproxy< 1.8.2-1squeeze1tinyproxy_1.8.2-1squeeze1_mips.deb
Debian6ia64tinyproxy< 1.8.2-1squeeze1tinyproxy_1.8.2-1squeeze1_ia64.deb
Debian6mipseltinyproxy< 1.8.2-1squeeze1tinyproxy_1.8.2-1squeeze1_mipsel.deb
Debian6kfreebsd-i386tinyproxy< 1.8.2-1squeeze1tinyproxy_1.8.2-1squeeze1_kfreebsd-i386.deb
Debian6sparctinyproxy< 1.8.2-1squeeze1tinyproxy_1.8.2-1squeeze1_sparc.deb
Debian6kfreebsd-amd64tinyproxy< 1.8.2-1squeeze1tinyproxy_1.8.2-1squeeze1_kfreebsd-amd64.deb
Debian6i386tinyproxy< 1.8.2-1squeeze1tinyproxy_1.8.2-1squeeze1_i386.deb
Debian6powerpctinyproxy< 1.8.2-1squeeze1tinyproxy_1.8.2-1squeeze1_powerpc.deb
Debian6s390tinyproxy< 1.8.2-1squeeze1tinyproxy_1.8.2-1squeeze1_s390.deb
Debian6amd64tinyproxy< 1.8.2-1squeeze1tinyproxy_1.8.2-1squeeze1_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	6	mips	tinyproxy	< 1.8.2-1squeeze1	tinyproxy_1.8.2-1squeeze1_mips.deb
Debian	6	ia64	tinyproxy	< 1.8.2-1squeeze1	tinyproxy_1.8.2-1squeeze1_ia64.deb
Debian	6	mipsel	tinyproxy	< 1.8.2-1squeeze1	tinyproxy_1.8.2-1squeeze1_mipsel.deb
Debian	6	kfreebsd-i386	tinyproxy	< 1.8.2-1squeeze1	tinyproxy_1.8.2-1squeeze1_kfreebsd-i386.deb
Debian	6	sparc	tinyproxy	< 1.8.2-1squeeze1	tinyproxy_1.8.2-1squeeze1_sparc.deb
Debian	6	kfreebsd-amd64	tinyproxy	< 1.8.2-1squeeze1	tinyproxy_1.8.2-1squeeze1_kfreebsd-amd64.deb
Debian	6	i386	tinyproxy	< 1.8.2-1squeeze1	tinyproxy_1.8.2-1squeeze1_i386.deb
Debian	6	powerpc	tinyproxy	< 1.8.2-1squeeze1	tinyproxy_1.8.2-1squeeze1_powerpc.deb
Debian	6	s390	tinyproxy	< 1.8.2-1squeeze1	tinyproxy_1.8.2-1squeeze1_s390.deb
Debian	6	amd64	tinyproxy	< 1.8.2-1squeeze1	tinyproxy_1.8.2-1squeeze1_amd64.deb