Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2015.0237
privoxy security update
2 February 2015
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: privoxy
Publisher: Debian
Operating System: Debian GNU/Linux 7
Windows
UNIX variants (UNIX, Linux, OSX)
Mobile Device
Impact/Access: Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2015-1382 CVE-2015-1381
Original Bulletin:
http://www.debian.org/security/2015/dsa-3145
Comment: This advisory references vulnerabilities in products which run on
platforms other than Debian. It is recommended that administrators
running privoxy check for an updated version of the software for
their operating system.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3145-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
January 30, 2015 http://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : privoxy
CVE ID : CVE-2015-1381 CVE-2015-1382
Debian Bug : 776490
Multiple vulnerabilities were discovered in Privoxy, a privacy enhancing
HTTP proxy, which might result in denial of service.
For the stable distribution (wheezy), these problems have been fixed in
version 3.0.19-2+deb7u2.
For the upcoming stable distribution (jessie), these problems will be
fixed soon.
For the unstable distribution (sid), these problems have been fixed in
version 3.0.21-7.
We recommend that you upgrade your privoxy packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJUy0n0AAoJEAVMuPMTQ89Eu+gP/1vJEJ/XQn6WfX0ELDWVDOv0
KRbfNG/ggXbow2LUpAmQlJJjVC+zpVgHSI7B0bu3N4ZTVzTrPWWFI8Ml1AYokQAg
YXaxjgYIdRKRP2YyR7Vy7Xyo3m/h9Gezt5D/M+B4FreqkVv8mOicB5OqIbYuXUYW
3Acoq6Uxz2zHQSJ8bZuRFR+7VtLUdsFwPnlX7XGETDDfL4V1gXUTqmnsvgrs1+KE
mQOe6bJn0UbugVugnRj9zz88OsbjQIRdMuzqFSJ9em2ueeNdXBYVWi+8Hc5jEqXu
9LmTBoHg1pz724tggzD2waRn+8KmH133NDYQ51tlgitTcExFqPAgWlaL/mWI+zz6
kfN6d0rWf1ierjCcZKe8SsT1sWYwDjUS9Y8C6pnCyWcqEi/euEuvvYQbOPyZlz/V
XJ11stnvDiNGg/CdEb3I22edsvXY7BYXoywSoQqERhkwvIEWlowA0WcOsgc/0D4y
ZfrBvZNM8bdOaWAX36N0IFG0P8rzAoLE5CmwlszWYZ9EgkzmdshP5ZdSslm1QcN4
BDncFw6I/FdG/L7TaYZhRU2KDQu0be9d0V23pntnaY4hJ2Dx+KfdNP1YzXeDZcqU
aVF3NQIuQ+7sJQcsqSO8kqZY6DWlYuGJhuV01gznqCt2mUpm1tDHZgg1ugcqbebN
n9/wb8X3XJ8Ta5FgDWQG
=5vS8
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVM7PvhLndAQH1ShLAQK+6w//ZNm8y+DKwMqMuJZoYDrzVF8SStyjR37z
4X2wdyR1kBLTx5h27Q4tloOZtGK/ZOqQqKX7qC2Z0Stzceswef3EodaSysapPT9D
RSJTJQWb2Z3KMkqNZjpjXQBaoOWWOAr6f3YHbp8akxtErnaXXZhHPgpeUhuJ+5wM
q8JAbUzwj5fx3gi2sTaCpuHd6idih/Nb2sedpvlv2anS6c/gcW7G/vif4rOvMy4O
NqGeZfGHMSq1IdWoUfmejpkk+oTOQzPpagcR7lYGlipfUD//QfmFOsZYGBo7zUwv
ylJ58pWPgyfiJc1+lHnJvQFEF8iyjpcrAFxXHTeuToERtwHQzMh4q1RA4XiV/sKG
k3WQKc8P8+CuHTBObursuA7P+/B/KU9zrmQZglxshmswcpjaNbemLLKwWQyIwal8
9eK0eePndUXD6LjnHPtScAlZQwrFcUD3BaDw3oaLmKDiZNnPoAodCCHo5HUWA+aY
tBmvWXl4++9uYBCj+Z/m930lP/+ej9UnIS3urV9VxFoRSyc1cSUbOyABB20BqJlL
xY/wHaBntIPJ5KrEB/pLHRGHaFvj+34TqpXM1SeLGKDbR1vNnsxJlFFHI9vnvndQ
BuJJD2d1tl9ZJnTo/2/Cgj0zNgMo7avhf9OB+rQSyAVL9fM6Qj3+CUW6f6NgHQ4x
urrhpqi3ZkI=
=1AJB
-----END PGP SIGNATURE-----