This was fixed in precise in:
tinyproxy (1.8.3-1ubuntu0.1) precise-security; urgency=low
* SECURITY UPDATE: Fix for denial of service vulnerability where remote
attackers send crafted request headers. (LP: #1154502)
- debian/patches/001-CVE-2012-3505.patch: Limit the number of headers to
prevent DoS attacks. Randomize hashmaps in order to avoid fake headers
getting included in the same bucket, allowing for DoS attacks.
- CVE-2012-3505
-- Christian Kuersteiner <[email protected]> Wed, 13 Mar 2013 16:42:14 +0700
Closing the precise task.
** Changed in: tinyproxy (Ubuntu Precise)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1036985
Title:
denial of service of too many headers in response
To manage notifications about this bug go to:
https://bugs.launchpad.net/tinyproxy/+bug/1036985/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs