A vulnerability has been discovered in Tinyproxy which could be used to achieve memory disclosure.
| Package | net-proxy/tinyproxy on all architectures |
| Affected versions | < 1.11.1_p20220908 |
| Unaffected versions | >= 1.11.1_p20220908 |
Tinyproxy is a light-weight HTTP/HTTPS proxy daemon for POSIX operating systems.
Tinyproxy's request processing does not sufficiently null-initialize variables used in error pages.
Contents of the Tinyproxy server's memory could be disclosed via generated error pages.
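The bug class described above, as an added illustration that is not Tinyproxy's code and not part of the advisory: a recycled request buffer that is not cleared lets one client's data reach the next client's error page, while zeroing it first does not. The struct, the function names and the sample request strings are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical request record; names are illustrative, not Tinyproxy's. */
struct request { char method[16]; char url[64]; };

/* Constructed stand-in for recycled heap memory: one slot reused per client. */
static struct request slot;

/* Vulnerable pattern: hand the slot out without clearing it. */
static struct request *get_uncleared(void) { return &slot; }

/* Hardened pattern: zero every field before the parser touches it. */
static struct request *get_zeroed(void) {
    memset(&slot, 0, sizeof slot);
    return &slot;
}

/* Parse "METHOD URL"; malformed input returns -1, leaving fields untouched. */
static int parse_request(struct request *r, const char *line) {
    const char *sp = strchr(line, ' ');
    if (!sp || sp == line || (size_t)(sp - line) >= sizeof r->method) return -1;
    if (sp[1] == '\0' || strlen(sp + 1) >= sizeof r->url) return -1;
    memcpy(r->method, line, (size_t)(sp - line));
    r->method[sp - line] = '\0';
    strcpy(r->url, sp + 1);
    return 0;
}

/* Error page template that substitutes request fields into the response. */
static void render_error(const struct request *r, char *out, size_t n) {
    snprintf(out, n, "<p>400 Bad Request: %s %s</p>", r->method, r->url);
}

/* Client A valid, client B malformed: returns 1 if B's page shows A's URL. */
static int error_page_leaks(struct request *(*alloc)(void)) {
    char page[160] = "";
    parse_request(alloc(), "GET http://intranet.example/?token=CONSTRUCTED");
    struct request *b = alloc();
    if (parse_request(b, "malformed-request-line") != 0)
        render_error(b, page, sizeof page);
    return strstr(page, "CONSTRUCTED") != NULL;
}

int main(void) {
    printf("uncleared buffer leaks: %d\n", error_page_leaks(get_uncleared));
    printf("zeroed buffer leaks:    %d\n", error_page_leaks(get_zeroed));
    return 0;
}
```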
There is no known workaround at this time.
All Tinyproxy users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-proxy/tinyproxy-1.11.1_p20220908"
May 21, 2023
May 21, 2023: 1