Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#68309 - [security][libproxy] CVE-2020-25219 CVE-2020-26154

Attached to Project: Arch Linux
Opened by loqs (loqs) - Saturday, 17 October 2020, 21:31 GMT
Last edited by freswa (frederik) - Sunday, 18 October 2020, 01:57 GMT
Task Type Bug Report
Category Packages: Extra
Status Assigned
Assigned To Jan de Groot (JGC)
Jan Alexander Steffens (heftig)
Levente Polyak (anthraxx)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 0
Private No

Details

Description:
CVE-2020-25219 [1]
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion. Fixed by [2]

CVE-2020-26154
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header.
Fixed by unmerged pull request [4].

Additional info:
* libproxy 0.4.15+33+g454a499-2
[1] https://nvd.nist.gov/vuln/detail/CVE-2020-25219
[2] https://github.com/libproxy/libproxy/commit/a83dae404feac517695c23ff43ce1e116e2bfbe0
[3] https://nvd.nist.gov/vuln/detail/CVE-2020-26154
[4] https://github.com/libproxy/libproxy/pull/126
This task depends upon

Loading...