privoxy-3.0.21-1.el6 security update
Status: stable
Release: Fedora EPEL 6
Update ID: FEDORA-EPEL-2013-0632
Builds: privoxy-3.0.21-1.el6 (logs)
Pushed: True
Date Submitted: 2013-03-12 14:51:50
Date Released: 2013-03-12 16:45:34
Submitter: limb
Karma: 0
Stable karma: 3
Unstable karma: -3
Details

Common Vulnerabilities and Exposures assigned an identifier CVE-2013-2503 to the following vulnerability:

Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.

References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2503
[2] http://blog.c22.cc/2013/03/11/privoxy-proxy-authentication-credential-exposure-cve-2013-2503/
[3] http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.188&view=markup

Bugs Fixed
920645 - CVE-2013-2503: privoxy: Proxy-Authentication response spoofing [fedora-all]
920647 - CVE-2013-2503: privoxy: Proxy-Authentication response spoofing [epel-6]
Feedback
bodhi - 2013-03-12 14:52:21
This update has been submitted for testing by limb.
bodhi - 2013-03-12 15:43:22
This update is currently being pushed to the Fedora EPEL 6 testing updates repository.
bodhi - 2013-03-12 17:44:17
This update has been pushed to testing
bodhi - 2013-03-26 22:07:48
This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes
bodhi - 2013-03-27 12:14:47
This update has been submitted for stable by limb.
bodhi - 2013-03-27 15:47:17
This update is currently being pushed to the Fedora EPEL 6 stable updates repository.
bodhi - 2013-03-28 18:37:40
This update has been pushed to stable
