CVE-2012-4504

Published: 12 October 2012

Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file.

Notes

Author	Note
jdstrand	only 0.4 affected

Priority

Status

Package	Release	Status
libproxy Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Not vulnerable
	natty	Not vulnerable
	oneiric	Not vulnerable (0.3.1-2ubuntu6)
	precise	Released (0.4.7-0ubuntu4.1)
	quantal	Released (0.4.7-0ubuntu6)
	upstream	Released (0.4.9)
	Patches: other: http://code.google.com/p/libproxy/source/detail?r=853
	This vulnerability is mitigated in part by the use of gcc's stack protector in Ubuntu.

References

http://www.openwall.com/lists/oss-security/2012/10/12/1
https://ubuntu.com/security/notices/USN-1629-1
https://www.cve.org/CVERecord?id=CVE-2012-4504
NVD
Launchpad
Debian

Bugs

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4504

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›