Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 16 Oct 2012 15:49:15 +0200
From: Tomas Hoger <thoger@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: libproxy PAC downloading buffer overflows

On Fri, 12 Oct 2012 10:43:06 +0200 Tomas Hoger wrote:

> libproxy 0.4.9 fixes a buffer overflow reported by Tomas Mraz:
> 
> http://code.google.com/p/libproxy/source/detail?r=853
> https://groups.google.com/forum/?fromgroups=#!topic/libproxy/VxZ8No7mT0E
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4504

Anyone updating 0.4.x version to fixed upstream version should consider
picking 0.4.10, which fixes an infinite loop in the PAC downloading
code (incorrectly fixed in 0.4.9, reportedly also breaking chunked
encoding downloads).

-- 
Tomas Hoger / Red Hat Security Response Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.