Amazon Linux 1 Security Advisory: ALAS-2016-663
Advisory Release Date: 2016-03-10 16:30 Pacific
Advisory Updated Date: 2016-03-10 16:30 Pacific
The remove_chunked_transfer_coding function allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content. (CVE-2016-1982)
The client_host function in parsers.c allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header. (CVE-2016-1983)
Affected Packages:
privoxy
Issue Correction:
Run yum update privoxy to update your system.
i686:
privoxy-3.0.23-2.7.amzn1.i686
privoxy-debuginfo-3.0.23-2.7.amzn1.i686
src:
privoxy-3.0.23-2.7.amzn1.src
x86_64:
privoxy-3.0.23-2.7.amzn1.x86_64
privoxy-debuginfo-3.0.23-2.7.amzn1.x86_64