- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202305-27 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: Tinyproxy: Memory Disclosure Date: May 21, 2023 Bugs: #871924 ID: 202305-27 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A vulnerability has been discovered in Tinyproxy which could be used to achieve memory disclosure. Background ========= Tinyproxy is a light-weight HTTP/HTTPS proxy daemon for POSIX operating systems. Affected packages ================ Package Vulnerable Unaffected ------------------- ------------ ------------ net-proxy/tinyproxy < 1.8.3-r3 >= 1.8.3-r3 Description ========== Tinyproxy's request processing does not sufficiently null-initialize variables used in error pages. Impact ===== Contents of the Tinyproxy server's memory could be disclosed via generated error pages. Workaround ========= There is no known workaround at this time. Resolution ========= All Tinyproxy users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-proxy/tinyproxy-1.11.1_p20220908" References ========= [ 1 ] CVE-2022-40468 https://nvd.nist.gov/vuln/detail/CVE-2022-40468 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202305-27 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5