Oracle.Enterprise.Linux.Update.for.libproxy.ELSA-2012-1461
Description
libproxy is a library that handles all the details of proxy configuration.
In November 2012, Oracle released update packages for libproxy that fixed a critical vulnerability:
Heap-based buffer overflow in the px_pac_reload function in lib/pac.c in libproxy 0.2.x and 0.3.x allows remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP response header for a proxy.pac file request, a different vulnerability than CVE-2012-4504. (CVE-2012-4505)
Affected Products
Oracle Linux 6
Impact
This vulnerability could potentially allow remote attackers to execute arbitrary code, or to cause denial of service on vulnerable systems.
Recommended Actions
Please download and apply the patches as instructed in the following advisory:
ELSA-2012-1461 (Oracle Linux 6): http://oss.oracle.com/pipermail/el-errata/2012-November/003137.html