[Bug 1036985] Re: denial of service of too many headers in response

Jeremy Bicha Mon, 01 Oct 2012 18:55:59 -0700

This bug was fixed in the package tinyproxy - 1.8.3-3

---------------
tinyproxy (1.8.3-3) unstable; urgency=high


  * Add patches for CVE-2012-3505 (closes: #685281):
    - CVE-2012-3505-tinyproxy-limit-headers.patch: Limit the number of
      headers to prevent DoS attacks.
    - CVE-2012-3505-tinyproxy-randomized-hashmaps.patch: Randomize hashmaps
      in order to avoid fake headers getting included in the same bucket,
      allowing for DoS attacks.
    Bug reported and patches contributed by gpernot.

 -- Jordi Mallach <[email protected]>  Mon, 24 Sep 2012 21:05:41 +0200

** Changed in: tinyproxy (Ubuntu)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1036985

Title:
  denial of service of too many headers in response

To manage notifications about this bug go to:
https://bugs.launchpad.net/tinyproxy/+bug/1036985/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1036985] Re: denial of service of too many headers in response

Reply via email to