Oracle.Enterprise.Linux.Update.for.libproxy.ELSA-2012-1461

Description

libproxy is a library that handles all the details of proxy configuration.
In November 2012, Oracle released update packages for libproxy that fixed a critical vulnerability:
Heap-based buffer overflow in the px_pac_reload function in lib/pac.c in libproxy 0.2.x and 0.3.x allows remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP response header for a proxy.pac file request, a different vulnerability than CVE-2012-4504. (CVE-2012-4505)
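The bug class described above, shown from the defensive side as an added example: this is not libproxy's code and does not reproduce px_pac_reload. It shows strict handling of a server-supplied Content-Length before it sizes a heap buffer. The function names and the 1 MiB ceiling are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define PAC_MAX_BYTES (1u << 20) /* assumed 1 MiB ceiling for a PAC file */

/* Parse a Content-Length value strictly: digits only, no sign, bounded.
 * The caller is assumed to have stripped leading whitespace already.
 * Returns 0 and stores the length in *out, or -1 if the value is rejected. */
int parse_content_length(const char *value, size_t *out)
{
    size_t n = 0;
    if (value == NULL || !isdigit((unsigned char)*value))
        return -1;                       /* empty, "-1", "+5", " 5" */
    for (; isdigit((unsigned char)*value); value++) {
        n = n * 10 + (size_t)(*value - '0');
        if (n > PAC_MAX_BYTES)
            return -1;                   /* reject long before n can wrap */
    }
    if (*value != '\0' && *value != '\r' && *value != '\n')
        return -1;                       /* trailing junk such as "10abc" */
    *out = n;
    return 0;
}

/* Allocate a NUL-terminated buffer for the declared length and copy no more
 * than that many bytes from what the peer actually sent.
 * Returns NULL when the header is rejected or allocation fails. */
char *load_pac_body(const char *length_header, const char *body,
                    size_t body_len, size_t *stored)
{
    size_t declared;
    if (parse_content_length(length_header, &declared) != 0)
        return NULL;
    char *buf = calloc(declared + 1, 1); /* +1 cannot wrap: declared <= cap */
    if (buf == NULL)
        return NULL;
    *stored = body_len < declared ? body_len : declared;
    memcpy(buf, body, *stored);          /* bounded by the allocation */
    return buf;
}
```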

Affected Products

Oracle Linux 6

Impact

This vulnerability could potentially allow remote attackers to execute arbitrary code, or to cause denial of service on vulnerable systems.

Recommended Actions

Please download and apply the patches as instructed in:
ELSA-2012-1461 Oracle Linux 6 http://oss.oracle.com/pipermail/el-errata/2012-November/003137.html

Telemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)