MGASA-2012-0309
| Date: | October 29th, 2012 |
| Affected releases: | 1, 2 |
Description:
Updated libproxy packages fix security vulnerability:
A buffer overflow flaw was discovered in the libproxy's url::get_pac()
used to download proxy.pac proxy auto-configuration file. A malicious
host hosting proxy.pac, or a man in the middle attacker, could use this
flaw to trigger a stack-based buffer overflow in an application using
libproxy, if proxy configuration instructed it to download proxy.pac
file from a remote HTTP server (CVE-2012-4504).
Updated Packages:
Mageia 1:
lib(64)modman1-0.4.6-8.1.mga1
lib(64)proxy1-0.4.6-8.1.mga1
lib(64)proxy-devel-0.4.6-8.1.mga1
libproxy-gnome-0.4.6-8.1.mga1
libproxy-kde-0.4.6-8.1.mga1
libproxy-mozjs-0.4.6-8.1.mga1
libproxy-perl-0.4.6-8.1.mga1
libproxy-utils-0.4.6-8.1.mga1
libproxy-webkit-0.4.6-8.1.mga1
python-libproxy-0.4.6-8.1.mga1
Mageia 2:
lib(64)proxy1-0.4.7-6.1.mga2
lib(64)proxy-devel-0.4.7-6.1.mga2
lib(64)proxy-gnome-0.4.7-6.1.mga2
lib(64)proxy-kde-0.4.7-6.1.mga2
lib(64)proxy-mozjs-0.4.7-6.1.mga2
lib(64)proxy-networkmanager-0.4.7-6.1.mga2
lib(64)proxy-webkit-0.4.7-6.1.mga2
libproxy-gxsettings-0.4.7-6.1.mga2
libproxy-perl-0.4.7-6.1.mga2
libproxy-utils-0.4.7-6.1.mga2
python-libproxy-0.4.7-6.1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4504
https://bugzilla.redhat.com/show_bug.cgi?id=864417
http://lists.opensuse.org/opensuse-updates/2012-10/msg00065.html
https://bugs.mageia.org/show_bug.cgi?id=7887
