USN-7140-2: Tinyproxy vulnerability
Publication date
6 January 2025
Overview
tinyproxy could be made to expose sensitive information.
Releases
Packages
- tinyproxy - Lightweight, non-caching, optionally anonymizing HTTP proxy
Details
USN-7140-1 fixed CVE-2022-40468 in tinyproxy. This update provides the
corresponding update for Ubuntu 14.04 LTS.
Original advisory details:
It was discovered that Tinyproxy did not properly manage memory under
certain circumstances. An attacker could possibly use this issue to leak
left-over heap data if custom error page templates containing special
non-standard variables are used.
USN-7140-1 fixed CVE-2022-40468 in tinyproxy. This update provides the
corresponding update for Ubuntu 14.04 LTS.
Original advisory details:
It was discovered that Tinyproxy did not properly manage memory under
certain circumstances. An attacker could possibly use this issue to leak
left-over heap data if custom error page templates containing special
non-standard variables are used.
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 14.04 trusty | tinyproxy – 1.8.3-3ubuntu14.04.1~esm2 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.