Security update for privoxy SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:0016-1 Final 1 1 2021-01-04T23:23:38Z current 2021-01-04T23:23:38Z 2021-01-04T23:23:38Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for privoxy This update for privoxy fixes the following issues: privoxy was updated to 3.0.29: * Fixed memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory. OVE-20201118-0001 * Fixed a memory leak in the show-status CGI handler when no action files are configured OVE-20201118-0002 * Fixed a memory leak in the show-status CGI handler when no filter files are configured OVE-20201118-0003 * Fixes a memory leak when client tags are active OVE-20201118-0004 * Fixed a memory leak if multiple filters are executed and the last one is skipped due to a pcre error OVE-20201118-0005 * Prevent an unlikely dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed. OVE-20201118-0006 * Fixed memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail. OVE-20201118-0007 * Fixed memory leaks in the show-status CGI handler when memory allocations fail OVE-20201118-0008 * Add experimental https inspection support * Use JIT compilation for static filtering for speedup * Add support for Brotli decompression, add 'no-brotli-accepted' filter which prevents the use of Brotli compression * Add feature to gather exended statistics * Use IP_FREEBIND socket option to help with failover * Allow to use extended host patterns and vanilla host patterns at the same time by prefixing extended host patterns with 'PCRE-HOST-PATTERN:' * Added 'Cross-origin resource sharing' (CORS) support * Add SOCKS5 username/password support * Bump the maximum number of action and filter files to 100 each * Fixed handling of filters with 'split-large-forms 1' when using the CGI editor. * Better detect a mismatch of connection details when figuring out whether or not a connection can be reused * Don't send a 'Connection failure' message instead of the 'DNS failure' message * Let LOG_LEVEL_REQUEST log all requests * Improvements to default Action file License changed to GPLv3. - remove packaging vulnerability boo#1157449 This update was imported from the openSUSE:Leap:15.1:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-16 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3DDA6IJYUOIV2FOEQW4RQBPCNV4YPQKH/ E-Mail link for openSUSE-SU-2021:0016-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1157449 SUSE Bug 1157449 SUSE Package Hub 15 SP1 privoxy-3.0.29-bp151.3.3.1 privoxy-doc-3.0.29-bp151.3.3.1 privoxy-3.0.29-bp151.3.3.1 as a component of SUSE Package Hub 15 SP1 privoxy-doc-3.0.29-bp151.3.3.1 as a component of SUSE Package Hub 15 SP1