Date: Fri, 12 Oct 2012 10:43:06 +0200
From: Tomas Hoger <thoger@...hat.com>
To: oss-security@...ts.openwall.com
Subject: libproxy PAC downloading buffer overflows

Hi!

libproxy 0.4.9 fixes a buffer overflow reported by Tomas Mraz:

http://code.google.com/p/libproxy/source/detail?r=853
https://groups.google.com/forum/?fromgroups=#!topic/libproxy/VxZ8No7mT0E
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4504

Upstream announcement also mentions another issue - CVE-2012-4505.  It
is a related, but different problem that was found in pre-0.4 versions
while investigating if they were affected by CVE-2012-4504.

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4505

-- 
Tomas Hoger / Red Hat Security Response Team
