-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0425
                          privoxy security update
                              8 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           privoxy
Publisher:         Debian
Operating System:  Debian GNU/Linux
                   UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Access Confidential Data -- Unknown/Unspecified
                   Denial of Service        -- Unknown/Unspecified
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-20217 CVE-2021-20216 CVE-2021-20215
                   CVE-2021-20213 CVE-2021-20212 CVE-2021-20211
                   CVE-2021-20210 CVE-2021-20209 CVE-2020-35502

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2021/02/msg00009.html

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running privoxy check for an updated version of the software for 
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -----------------------------------------------------------------------
Debian LTS Advisory DLA-2548-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
February 07, 2021                           https://wiki.debian.org/LTS
- - -----------------------------------------------------------------------

Package        : privoxy
Version        : 3.0.26-3+deb9u1
CVE ID         : CVE-2020-35502 CVE-2021-20209 CVE-2021-20210
                 CVE-2021-20211 CVE-2021-20212 CVE-2021-20213
                 CVE-2021-20215 CVE-2021-20216 CVE-2021-20217

Multiple vulnerabilities were discovered in privoxy, a
privacy-enhancing HTTP proxy, including memory leaks and a
NULL-pointer dereference, among others.

For Debian 9 stretch, these problems have been fixed in version
3.0.26-3+deb9u1.

We recommend that you upgrade your privoxy packages.

For the detailed security status of privoxy please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/privoxy

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----