Arch Linux Security Advisory ASA-201601-27 ========================================== Severity: Medium Date : 2016-01-25 CVE-ID : CVE-2016-1982 CVE-2016-1983 Package : privoxy Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package privoxy before version 3.0.24-1 is vulnerable to denial of service. Resolution ========== Upgrade to 3.0.24-1. # pacman -Syu "privoxy>=3.0.24-1" The problems have been fixed upstream in version 3.0.24. Workaround ========== None. Description =========== - CVE-2016-1982 (denial of service) A vulnerability was discovered in a way the privoxy deals with corrupted chunk-encoded content. A maliciously crafted input can result in a remote denial of service. - CVE-2016-1983 (denial of service) A vulnerability was found in a way the privoxy processes specific client requests. A request with "Host" header empty could result in an invalid read. Impact ====== A remote attacker is able to craft special input that, when processed, is leading to denial of service. References ========== https://access.redhat.com/security/cve/CVE-2016-1982 https://access.redhat.com/security/cve/CVE-2016-1983 http://seclists.org/oss-sec/2016/q1/179