Bug 963151 (CVE-2016-1982) - VUL-1: CVE-2016-1982: privoxy: invalid reads in case of corrupt chunk-encoded content
Summary: VUL-1: CVE-2016-1982: privoxy: invalid reads in case of corrupt chunk-encoded...
Status: RESOLVED FIXED
Alias: CVE-2016-1982
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other openSUSE 42.1
: P4 - Low : Minor
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/161180/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-01-22 09:44 UTC by Andreas Stieger
Modified: 2016-02-02 09:11 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2016-01-22 09:44:44 UTC 
http://seclists.org/oss-sec/2016/q1/179

A couple of invalid reads were fixed in Privoxy 3.0.24 whose
release is scheduled for this weekend.

"remote DoS when built with ASAN"

- Prevent invalid reads in case of corrupt chunk-encoded content.
  http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/filters.c?r1=1.196&r2=1.197

Affects:
server:proxy/privoxy
openSUSE:13.2:Update/privoxy
openSUSE:Leap:42.1:Update/privoxy

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1300966
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1982
http://seclists.org/oss-sec/2016/q1/179
Comment 1 Swamp Workflow Management 2016-01-22 23:00:14 UTC 
bugbot adjusting priority
Comment 2 Bernhard Wiedemann 2016-01-23 21:00:09 UTC 
This is an autogenerated message for OBS integration:
This bug (963151) was mentioned in
https://build.opensuse.org/request/show/355512 13.2+42.1 / privoxy
https://build.opensuse.org/request/show/355513 13.1 / privoxy
Comment 3 Andreas Stieger 2016-02-01 21:33:36 UTC 
release
Comment 4 Swamp Workflow Management 2016-02-02 01:11:16 UTC 
openSUSE-SU-2016:0305-1: An update that fixes two vulnerabilities is now available.

Category: security (low)
Bug References: 963151,963152
CVE References: CVE-2016-1982,CVE-2016-1983
Sources used:
openSUSE Leap 42.1 (src):    privoxy-3.0.24-6.1
openSUSE 13.2 (src):    privoxy-3.0.24-8.11.1
Comment 5 Swamp Workflow Management 2016-02-02 09:11:36 UTC 
openSUSE-SU-2016:0311-1: An update that fixes two vulnerabilities is now available.

Category: security (low)
Bug References: 963151,963152
CVE References: CVE-2016-1982,CVE-2016-1983
Sources used:
openSUSE 13.1 (src):    privoxy-3.0.24-2.23.1