ALAS-2023-1739

Amazon Linux 1 (EOL) Security Advisory: ALAS-2023-1739
Advisory Released Date: 2023-05-03
Advisory Updated Date: 2023-05-03

Severity: Important

References: CVE-2021-20275 CVE-2021-44540 CVE-2021-44542
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service. (CVE-2021-20275)

A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing. (CVE-2021-44540)

A memory leak vulnerability was found in Privoxy when handling errors. (CVE-2021-44542)

Affected Packages:

privoxy

Issue Correction:
Run yum update privoxy to update your system.

New Packages:

i686:
    privoxy-3.0.23-2.17.amzn1.i686
    privoxy-debuginfo-3.0.23-2.17.amzn1.i686

src:
    privoxy-3.0.23-2.17.amzn1.src

x86_64:
    privoxy-3.0.23-2.17.amzn1.x86_64
    privoxy-debuginfo-3.0.23-2.17.amzn1.x86_64

Additional References

Red Hat: CVE-2021-20275, CVE-2021-44540, CVE-2021-44542

Mitre: CVE-2021-20275, CVE-2021-44540, CVE-2021-44542