- Vulnerability/
- USN-7140-2
USN-7140-2: Tinyproxy vulnerability
First published: Mon Jan 06 2025(Updated: )
USN-7140-1 fixed CVE-2022-40468 in tinyproxy. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: It was discovered that Tinyproxy did not properly manage memory under certain circumstances. An attacker could possibly use this issue to leak left-over heap data if custom error page templates containing special non-standard variables are used.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/tinyproxy | <1.8.3-3ubuntu14.04.1~esm2 | 1.8.3-3ubuntu14.04.1~esm2 |
| Ubuntu Linux | =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of USN-7140-2?
The severity of USN-7140-2 is considered moderate due to potential memory management vulnerabilities in Tinyproxy.
How do I fix USN-7140-2?
To fix USN-7140-2, update Tinyproxy to version 1.8.3-3ubuntu14.04.1~esm2 or later.
What is CVE-2022-40468 related to USN-7140-2?
CVE-2022-40468 relates to improper memory management in Tinyproxy, which could lead to security issues.
Is USN-7140-2 applicable to other Ubuntu versions?
No, USN-7140-2 specifically addresses vulnerabilities in Tinyproxy for Ubuntu 14.04 LTS.
What should I do if I cannot update Tinyproxy for USN-7140-2?
If you cannot update Tinyproxy, consider temporarily disabling it or implementing additional security measures to mitigate the risk.
- agent/last-modified-date
- agent/severity
- agent/title
- agent/type
- agent/references
- agent/softwarecombine
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu linux
- version/ubuntu linux/14.04