CentOS Errata and BugFix Advisory 2015:C001
Upstream details at: http://bugs.centos.org/view.php?id=8117
The updated files (i386, x86_64 and Source) have been uploaded and are currently syncing to the mirrors.
NOTE: This is a rebuild of the boost-1.41.0-25.el6.centos.src.rpm SRPM to fix CentOS bug 8117 ... there is no modification to the actual source code; it just needed to be built against the older cmake (the version from CentOS-6.5) to match the way it was built in RHEL 6.6.
Monthly Archives: January 2015
CEBA-2015:0083 CentOS 6 dhcp BugFix Update
CentOS Errata and Bugfix Advisory 2015:0083
Upstream details at: https://rhn.redhat.com/errata/RHBA-2015-0083.html
The updated files (i386, x86_64 and Source) have been uploaded and are currently syncing to the mirrors.
How to access accounts protected by two-factor authentication if you lose your phone
Question of the week: I use two-factor authentication when logging into my accounts to keep them safe, but what happens if I lose my phone? Can I still access my accounts?
Security-minded individuals know the benefits of using two-factor authentication to keep their online accounts safe. For those of you who are not familiar with it, two-factor authentication is a security process that uses a combination of two different components: something that you know, such as a master password or PIN, and something that you possess, such as a token that can generate a number code or, more conveniently, your smartphone.
Using these two things in combination can provide unique identification when entering a site because you provide the password as well as a one-time-use security code generated by your security token. If someone learns your password, your accounts are still protected because they need the security code too. Two-factor authentication can reduce the incidence of identity theft and phishing, and we recommend using it.
There are a number of authenticator apps made for Android smartphones. For example, Google Authenticator lets you use a security code and your own password for sites and services like Facebook, Dropbox, Evernote, and WordPress. The app creates a link between your account and your device.
I lost my phone. How do I access my accounts?
If you are so security-minded that you use two-factor authentication to begin with, then you have probably taken precautions before you lose your phone. The majority of authenticator services allow a way to recover your access and remove the authorized device from your account. That is, if you change your mobile device, then you can disable the two-factor authentication from your account before doing so. Most commonly, you would use backup codes, send the codes via SMS to a trusted backup phone, or use a trusted computer. Sometimes, the service providers take several business days to verify your identity and, if possible, grant you access again.
But if you failed to plan ahead and lose your phone, or if you buy a new smartphone without first disabling two-factor authentication on the account, you’ll need to install an authenticator app on your new device to use two-factor authentication again. The old device and the old backup codes won’t work anymore. Some of the sites you have synced to may also have their own procedure; Dropbox, for example.
Recently, an app has made this security measure much more convenient to use. Authy is an app that manages your two-factor accounts on Android devices, iPhones, and even your PC. Any of these devices could be used to generate tokens and sync with each other. One authorized device could de-authorize a stolen one. A master password could block access to Authy on these multiple devices, and your settings are all kept encrypted locally. Neither Authy’s developers nor hackers would be able to access the tokens.
Maybe this complex recovery process is what keeps two-factor authentication from being omnipresent. But, after all, you just need to take a few precautions to increase your security a lot.
What to do before your smartphone is lost
Of course, it’s better not to lose your devices in the first place. For this, you should install and configure Avast Anti-Theft, which can help you find a lost device and even recover a stolen one with its tracking features. It can be downloaded and used for free from the Google Play Store.
CESA-2015:0085 Important CentOS 6 java-1.6.0-openjdk Security Update
CentOS Errata and Security Advisory 2015:0085 Important
Upstream details at: https://rhn.redhat.com/errata/RHSA-2015-0085.html
The updated files (i386, x86_64 and Source) have been uploaded and are currently syncing to the mirrors.
CEBA-2015:0084 CentOS 6 alsa-utils BugFix Update
CentOS Errata and Bugfix Advisory 2015:0084
Upstream details at: https://rhn.redhat.com/errata/RHBA-2015-0084.html
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
i386: 08a090f943bdf25a8391b48e6e7bb30f0231db53763c65247c238a7cdf992ddd alsa-utils-1.0.22-9.el6_6.i686.rpm
x86_64: 8439282442202c10c2900a4032b18816cde9ad47870687cb52c8dca3d508b026 alsa-utils-1.0.22-9.el6_6.x86_64.rpm
Source: 414c3cce6053a45a0f0257d1913bf10e562b9f7533ae694442c167756ea9b235 alsa-utils-1.0.22-9.el6_6.src.rpm
CESA-2015:0085 Important CentOS 5 java-1.6.0-openjdk Security Update
CentOS Errata and Security Advisory 2015:0085 Important
Upstream details at: https://rhn.redhat.com/errata/RHSA-2015-0085.html
The updated files (i386, x86_64 and Source) have been uploaded and are currently syncing to the mirrors.
Android Wi-Fi Direct Vulnerability Details Disclosed
Core Security disclosed details on an Android Wi-Fi Direct denial of service vulnerability after Google said it had no timeline to patch the issue. The two sides also disagreed on the severity of the flaw.
Google Engineer Explains Company’s Decision Not to Patch Bug in Older Android Versions
Google has taken quite a bit of heat in recent weeks for its decision not to patch a vulnerability in the WebView component of Android in older versions, leaving hundreds of millions of users exposed to potential attacks. Now, a Google engineer is explaining the company’s reasoning, saying that patching older versions of the OS […]
Fedora EPEL 7 Security Update: mingw-jasper-1.900.1-26.el7
Resolved Bugs
1179282 – CVE-2014-8157 jasper: dec->numtiles off-by-one check in jpc_dec_process_sot() (oCERT-2015-001)
1184753 – CVE-2014-8157 CVE-2014-8158 mingw-jasper: various flaws [epel-7]
1179298 – CVE-2014-8158 jasper: unrestricted stack memory use in jpc_qmfb.c (oCERT-2015-001)
Fixes for CVE-2014-8157 and CVE-2014-8158
Fedora EPEL 6 Security Update: privoxy-3.0.23-1.el6
Resolved Bugs
1185926 – privoxy: security fixes in 3.0.23 [epel-all]
1185925 – privoxy: security fixes in 3.0.23 [fedora-all]
It was reported [1] that Privoxy 3.0.23 contains fixes for the following security issues:
– Fixed a DoS issue in case of client requests with incorrect
chunk-encoded body. When compiled with assertions enabled
(the default) they could previously cause Privoxy to abort().
Reported by Matthew Daley.
http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/jcc.c?r1=1.433&r2=1.434
– Fixed multiple segmentation faults and memory leaks in the
pcrs code. This fix also increases the chances that an invalid
pcrs command is rejected as such. Previously some invalid commands
would be loaded without error. Note that Privoxy’s pcrs sources
(action and filter files) are considered trustworthy input and
should not be writable by untrusted third-parties.
http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/pcrs.c?r1=1.46&r2=1.47
– Fixed an ‘invalid read’ bug which could at least theoretically
cause Privoxy to crash.
http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.297&r2=1.298
[1]: http://seclists.org/oss-sec/2015/q1/259
