Test ID: | 1.3.6.1.4.1.25623.1.0.856122 |
Category: | openSUSE Local Security Checks |
Title: | openSUSE Security Advisory (openSUSE-SU-2024:0119-1) |
Summary: | The remote host is missing an update for the 'tinyproxy' package(s) announced via the openSUSE-SU-2024:0119-1 advisory. |
Description: |
Summary: The remote host is missing an update for the 'tinyproxy' package(s) announced via the openSUSE-SU-2024:0119-1 advisory.

Vulnerability Insight: This update for tinyproxy fixes the following issues:

- Update to release 1.11.2
  * Fix potential use-after-free in header handling [CVE-2023-49606, boo#1223746]
  * Prevent junk from showing up in error page in invalid requests [CVE-2022-40468, CVE-2023-40533, boo#1223743]
- Move tinyproxy program to /usr/bin.
- Update to release 1.11.1
  * New fnmatch based filtertype
- Update to release 1.11
  * Support for multiple bind directives.
- update to 1.10.0:
  * Configuration file has moved from /etc/tinyproxy.conf to /etc/tinyproxy/tinyproxy.conf.
  * Add support for basic HTTP authentication
  * Add socks upstream support
  * Log to stdout if no logfile is specified
  * Activate reverse proxy by default
  * Support bind with transparent mode
  * Allow multiple listen statements in the configuration
  * Fix CVE-2017-11747: Create PID file before dropping privileges.
  * Fix CVE-2012-3505: algorithmic complexity DoS in hashmap
  * Bugfixes
  * BB#110: fix algorithmic complexity DoS in hashmap
  * BB#106: fix CONNECT requests with IPv6 literal addresses as host
  * BB#116: fix invalid free for GET requests to ipv6 literal address
  * BB#115: Drop supplementary groups
  * BB#109: Fix crash (infinite loop) when writing to log file fails
  * BB#74: Create log and pid files after we drop privs
  * BB#83: Use output of id instead of $USER

Affected Software/OS: 'tinyproxy' package(s) on openSUSE Leap 15.5.

Solution: Please install the updated package(s).

CVSS Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2012-3505
  1027412 http://www.securitytracker.com/id?1027412
  50278 http://secunia.com/advisories/50278
  51074 http://secunia.com/advisories/51074
  DSA-2564 http://www.debian.org/security/2012/dsa-2564
  [oss-security] 20120817 CVE request: tinyproxy http://www.openwall.com/lists/oss-security/2012/08/17/3
  [oss-security] 20120818 Re: CVE request: tinyproxy http://www.openwall.com/lists/oss-security/2012/08/18/1
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685281
  https://banu.com/bugzilla/show_bug.cgi?id=110
  https://banu.com/bugzilla/show_bug.cgi?id=110#c2
  https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985

Common Vulnerability Exposure (CVE) ID: CVE-2017-11747
  https://github.com/tinyproxy/tinyproxy/issues/106
  https://lists.debian.org/debian-lts-announce/2020/03/msg00037.html

Common Vulnerability Exposure (CVE) ID: CVE-2022-40468
  https://security.gentoo.org/glsa/202305-27
  https://github.com/tinyproxy/tinyproxy
  https://github.com/tinyproxy/tinyproxy/blob/84f203fb1c4733608c7283bbe794005a469c4b00/src/reqs.c#L346
  https://github.com/tinyproxy/tinyproxy/issues/457
  https://github.com/tinyproxy/tinyproxy/issues/457#issuecomment-1264176815

Common Vulnerability Exposure (CVE) ID: CVE-2023-40533

Common Vulnerability Exposure (CVE) ID: CVE-2023-49606
  https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889
  http://www.openwall.com/lists/oss-security/2024/05/07/1 |
Copyright | Copyright (C) 2024 Greenbone AG |