CVE-2023-25076: https://github.com/dlundquist/sniproxy/commit/f8d9a433fe22ab2fa15c00179048ab02ae23d583

A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2 and the master branch (commit: 822bb80df9b7b345cc9eba55df74a07b498819ba). A specially crafted HTTP, TLS or DTLS packet can lead to arbitrary code execution. An attacker could send a malicious packet to trigger this vulnerability.

Talos gave us a fix in the CVE for once. Please bump to 0.6.1.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4999c5e769737f642df960bdeff4b00a41740b82

commit 4999c5e769737f642df960bdeff4b00a41740b82
Author: Pierre-Olivier Mercier <nemunaire@nemunai.re>
AuthorDate: 2023-04-03 07:30:16 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2023-04-16 06:47:32 +0000

www-servers/sniproxy: Bump to 0.6.1

Bug: https://bugs.gentoo.org/903716
Signed-off-by: Pierre-Olivier Mercier <nemunaire@nemunai.re>
Signed-off-by: Sam James <sam@gentoo.org>

www-servers/sniproxy/Manifest | 1 +
www-servers/sniproxy/sniproxy-0.6.1.ebuild | 75 ++++++++++++++++++++++++++++++
2 files changed, 76 insertions(+)
Thanks!