Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: libproxy PAC downloading buffer overflows
From: Tomas Hoger <thoger () redhat com>
Date: Tue, 16 Oct 2012 15:49:15 +0200

On Fri, 12 Oct 2012 10:43:06 +0200 Tomas Hoger wrote:

libproxy 0.4.9 fixes a buffer overflow reported by Tomas Mraz:

http://code.google.com/p/libproxy/source/detail?r=853
https://groups.google.com/forum/?fromgroups=#!topic/libproxy/VxZ8No7mT0E
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4504

Anyone updating 0.4.x version to fixed upstream version should consider
picking 0.4.10, which fixes an infinite loop in the PAC downloading
code (incorrectly fixed in 0.4.9, reportedly also breaking chunked
encoding downloads).

-- 
Tomas Hoger / Red Hat Security Response Team


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]