Background: 3proxy [1] is universal multifunctional free open source proxy server with multiple protocols supports (HTTP/HTTPS/Ftp over HTTP, POP3, FTP, SOCKS 4/4.5/5, UDP and TCP portmapping, DNS proxy) with ACL-based access control, proxy chaining, traffic accounting, bandwidth limitation, configurable logging, etc for Windows/Linux/Unix. Description: On April, 14 3proxy development team released urgent 0.5.3h update [2] for 3proxy, fixing stack-based buffer overflow vulnerability in both Windows and Linux/Unix 3proxy versions 0.5-0.5.3g and 0.6-devel branch before date of the fix (CVE-2007-2031) [3]. Vulnerability was found during bug report investigation. Binary 3proxy 0.6-devel distribution is compiled with stack protection. On April, 20 reviewed 0.5.3i version [2] of 3proxy was released, fixing few security unrelated functionality issues with bandwidth limitation and traffic limitation. Update information: All 3proxy users are advised to update to latest 0.5.3i (or at least 0.5.3h) or 0.6-devel version [4]. Please subscribe to three-proxy-announce mailing list [5] to be immediately informed on new 3proxy releases. Announce: 0.6 version of 3proxy introduces extended access control / traffic control features and plugins/extensions support. Windows authentication is in beta testing, regular expressions filtering/rewriting plugin is in alpha testing, LDAP plugin is in development, antiviral plugins are planned for development. We invite port maintainers, developers and beta testers. References: [1] 3proxy official homepage http://3proxy.ru/ [2] 3proxy 0.5.3i Changelog http://3proxy.ru/0.5.3i/Changelog.txt [3] CVE-2007-2031 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2031 [4] 3proxy download page http://3proxy.ru/download/ [5] 3proxy announcements mailing list at Sourceforge https://lists.sourceforge.net/lists/listinfo/three-proxy-announce
