A buffer overflow in libproxy might allow remote attackers to execute arbitrary code.
| Package | net-libs/libproxy on all architectures |
| Affected versions | < 0.4.10 |
| Unaffected versions | >= 0.4.10 |
libproxy is a library for automatic proxy configuration management.
A boundary error when processing the proxy.pac file could cause a stack-based buffer overflow.
A man-in-the-middle attacker could provide a specially crafted proxy.pac file on a remote server, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.
There is no known workaround at this time.
All libproxy users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-libs/libproxy-0.4.10"
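One way to confirm that a host has left the affected range, as an added example that is not part of the original advisory: it reads the version directories under the Portage installed-package database and compares each with the fixed version 0.4.10. The function names are hypothetical, and the database location (/var/db/pkg, or another root such as a mounted image) is an assumption.

```shell
#!/bin/sh
# Added example: flag installed net-libs/libproxy versions below the fix.
FIXED="0.4.10"   # first unaffected version, from the advisory

# version_lt A B: succeed when A sorts strictly before B in version order.
# A plain string comparison gets this wrong: "0.4.10" < "0.4.9" lexically.
version_lt() {
    [ "$1" = "$2" ] && return 1
    first=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$first" = "$1" ]
}

# libproxy_is_affected VERSION: succeed when VERSION is in the affected range.
# A Gentoo revision suffix (-rN) does not change the upstream version,
# so it is dropped before comparing.
libproxy_is_affected() {
    upstream=$(printf '%s' "$1" | sed 's/-r[0-9][0-9]*$//')
    version_lt "$upstream" "$FIXED"
}

# audit_vdb [ROOT]: print one line per installed libproxy found under ROOT
# (assumed default: /var/db/pkg). Returns 1 if any affected version is present.
audit_vdb() {
    root=${1:-/var/db/pkg}
    status=0
    for dir in "$root"/net-libs/libproxy-[0-9]*; do
        [ -d "$dir" ] || continue          # glob matched nothing
        ver=${dir##*/libproxy-}
        if libproxy_is_affected "$ver"; then
            echo "AFFECTED libproxy-$ver"
            status=1
        else
            echo "ok libproxy-$ver"
        fi
    done
    return $status
}
```

After sourcing the file, `audit_vdb` checks the running system and `audit_vdb /mnt/image/var/db/pkg` checks an offline root.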
April 07, 2014
April 07, 2014: 1