openSUSE-SU-2019:2667-1

Published: 11 Dec 2019
Source: suse-cvrf

Description

Security update for shadowsocks-libev

This update for shadowsocks-libev fixes the following issues:

  • Update version to 3.3.3
    • Refine the handling of suspicious connections.
    • Fix exploitable denial-of-service vulnerability in the UDPRelay functionality (boo#1158251, CVE-2019-5163)
    • Fix code execution vulnerability in the ss-manager binary (boo#1158365, CVE-2019-5164)
    • Refine the handling of fragment request.
    • Fix a high CPU bug introduced in 3.3.0. (#2449)
    • Enlarge the socket buffer size to 16KB.
    • Fix the empty list bug in ss-manager.
    • Fix the IPv6 address parser.
    • Fix a bug of port parser.
    • Fix a crash with MinGW.
    • Refine SIP003 plugin interface.
    • Remove connection timeout from all clients.
    • Fix the alignment bug again.
    • Fix a bug on 32-bit arch.
    • Add TCP fast open support to ss-tunnel by @PantherJohn.

Package list

openSUSE Leap 15.1
libshadowsocks-libev2-3.3.3-lp151.2.3.1
shadowsocks-libev-3.3.3-lp151.2.3.1
shadowsocks-libev-devel-3.3.3-lp151.2.3.1
shadowsocks-libev-doc-3.3.3-lp151.2.3.1

Description

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability.


Affected products
openSUSE Leap 15.1:libshadowsocks-libev2-3.3.3-lp151.2.3.1
openSUSE Leap 15.1:shadowsocks-libev-3.3.3-lp151.2.3.1
openSUSE Leap 15.1:shadowsocks-libev-devel-3.3.3-lp151.2.3.1
openSUSE Leap 15.1:shadowsocks-libev-doc-3.3.3-lp151.2.3.1

Description

An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability.


Affected products
openSUSE Leap 15.1:libshadowsocks-libev2-3.3.3-lp151.2.3.1
openSUSE Leap 15.1:shadowsocks-libev-3.3.3-lp151.2.3.1
openSUSE Leap 15.1:shadowsocks-libev-devel-3.3.3-lp151.2.3.1
openSUSE Leap 15.1:shadowsocks-libev-doc-3.3.3-lp151.2.3.1
