openSUSE-SU-2024:0119-1

Update to release 1.11.2
- Fix potential use-after-free in header handling [CVE-2023-49606, boo#1223746]
- Prevent junk from showing up in error page in invalid requests [CVE-2022-40468, CVE-2023-40533, boo#1223743]
Move tinyproxy program to /usr/bin.
Update to release 1.11.1
- New fnmatch based filtertype
Update to release 1.11
- Support for multiple bind directives.
update to 1.10.0:
- Configuration file has moved from /etc/tinyproxy.conf to /etc/tinyproxy/tinyproxy.conf.
- Add support for basic HTTP authentication
- Add socks upstream support
- Log to stdout if no logfile is specified
- Activate reverse proxy by default
- Support bind with transparent mode
- Allow multiple listen statements in the configuration
- Fix CVE-2017-11747: Create PID file before dropping privileges.
- Fix CVE-2012-3505: algorithmic complexity DoS in hashmap
- Bugfixes
- BB#110: fix algorithmic complexity DoS in hashmap
- BB#106: fix CONNECT requests with IPv6 literal addresses as host
- BB#116: fix invalid free for GET requests to ipv6 literal address
- BB#115: Drop supplementary groups
- BB#109: Fix crash (infinite loop) when writing to log file fails
- BB#74: Create log and pid files after we drop privs
- BB#83: Use output of id instead of $USER

References

Affected packages

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.11.2-bp155.3.3.1

{
    "binaries": [
        {
            "tinyproxy": "1.11.2-bp155.3.3.1"
        }
    ]
}

"https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2024:0119-1.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.11.2-bp155.3.3.1

{
    "binaries": [
        {
            "tinyproxy": "1.11.2-bp155.3.3.1"
        }
    ]
}

"https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2024:0119-1.json"