ALAS-2016-663


Amazon Linux AMI Security Advisory: ALAS-2016-663
Advisory Release Date: 2016-03-10 16:30 Pacific
Severity: Medium

Issue Overview:

The remove_chunked_transfer_coding function allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content. (CVE-2016-1982)

The client_host function in parsers.c allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header. (CVE-2016-1983)


Affected Packages:

privoxy


Issue Correction:
Run yum update privoxy to update your system.

New Packages:
i686:
    privoxy-3.0.23-2.7.amzn1.i686
    privoxy-debuginfo-3.0.23-2.7.amzn1.i686

src:
    privoxy-3.0.23-2.7.amzn1.src

x86_64:
    privoxy-3.0.23-2.7.amzn1.x86_64
    privoxy-debuginfo-3.0.23-2.7.amzn1.x86_64