Red Hat Security Advisory 2012-1461-01 - libproxy is a library that handles all the details of proxy configuration. A buffer overflow flaw was found in the way libproxy handled the downloading of proxy auto-configuration files. A malicious server hosting a PAC file or a man-in-the-middle attacker could use this flaw to cause an application using libproxy to crash or, possibly, execute arbitrary code, if the proxy settings obtained by libproxy instructed the use of a PAC proxy configuration. This issue was discovered by the Red Hat Security Response Team.
5c7f16dcfba2cf4f5658219235c4db10c46995052fe4628b13d2eb4b3926396a
Ubuntu Security Notice 1629-1 - Tomas Mraz discovered that libproxy incorrectly handled certain PAC files. A remote attacker could use this issue to cause libproxy to crash, or to possibly execute arbitrary code.
2968459de6c88dc6181d4d9051c736f11dd989c514cf37bee924e54a846b2ca1
Debian Linux Security Advisory 2571-1 - The Red Hat Security Response Team discovered that libproxy, a library for automatic proxy configuration management, applied insufficient validation to the Content-Length header sent by a server providing a proxy.pac file. Such remote server could trigger an integer overflow and consequently overflow an in-memory buffer.
d071b3013090ffba7d81166f1e448fe065b00dccf3cc293082d4d594ef5ea254