CESA-2012:1461 -- centos 6 libproxyID: oval:org.secpod.oval:def:202490 | Date: (C)2012-11-16 (M)2023-07-28 |
Class: PATCH | Family: unix |
libproxy is a library that handles all the details of proxy configuration. A buffer overflow flaw was found in the way libproxy handled the downloading of proxy auto-configuration files. A malicious server hosting a PAC file or a man-in-the-middle attacker could use this flaw to cause an application using libproxy to crash or, possibly, execute arbitrary code, if the proxy settings obtained by libproxy instructed the use of a PAC proxy configuration. This issue was discovered by the Red Hat Security Response Team. Users of libproxy should upgrade to these updated packages, which contain a backported patch to correct this issue. All applications using libproxy must be restarted for this update to take effect.