Package: junkbuster
Version: 2.0.2-0.2
Severity: grave
Tags: security, woody
Justification: user security hole

According to 
http://lwn.net/Alerts/131964/ 

JunkBuster is vulnerable to a heap corruption vulnerability, and under
certain configurations may allow an attacker to modify settings.

Impact
======

If JunkBuster has been configured to run in single-threaded mode, an
attacker can disable or modify the filtering of Referrer: HTTP
headers,
potentially compromising the privacy of users. The heap corruption
vulnerability could crash or disrupt the operation of the proxy,
potentially executing arbitrary code.


The fix can probably taken from the above Gentoo security advisory.

You might want to track http://lwn.net/Articles/131972/ for other
vendors responses.

Please also check if the successor, privoxy, is impacted as well.


-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux pleione 2.4.26-grsec #1 Tue Aug 10 15:42:40 CEST 2004 i686
Locale: LANG=en_US, LC_CTYPE=en_US



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to