Upstream information

CVE-2021-44543 at MITRE

Description

An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.

SUSE Bugzilla entry: 1193584 [CONFIRMED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Package Hub 15 SP3
  • privoxy >= 3.0.33-bp153.2.3.1
  • privoxy-doc >= 3.0.33-bp153.2.3.1
Patchnames:
openSUSE-2021-1646
openSUSE Leap 15.2
  • privoxy >= 3.0.33-lp152.3.12.1
  • privoxy-doc >= 3.0.33-lp152.3.12.1
Patchnames:
openSUSE-2021-1646
openSUSE Leap 15.3
  • privoxy >= 3.0.33-bp153.2.3.1
  • privoxy-doc >= 3.0.33-bp153.2.3.1
Patchnames:
openSUSE-2021-1646
openSUSE Tumbleweed
  • privoxy >= 3.0.33-1.1
  • privoxy-doc >= 3.0.33-1.1
Patchnames:
openSUSE Tumbleweed GA privoxy-3.0.33-1.1