openSUSE-SU-2020:0142-1

See a problem?

Import Source

https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2020:0142-1.json

JSON Data

https://api.test.osv.dev/v1/vulns/openSUSE-SU-2020:0142-1

Related

Published

2020-01-29T16:47:06Z

Modified

2020-01-29T16:47:06Z

Summary

Security update for shadowsocks-libev

Details

This update for shadowsocks-libev fixes the following issues:

Update version to 3.3.3
- Refine the handling of suspicious connections.
- Fix exploitable denial-of-service vulnerability exists in the UDPRelay functionality (boo#1158251, CVE-2019-5163)
- Fix code execution vulnerability in the ss-manager binary (boo#1158365, CVE-2019-5164)
- Refine the handling of fragment request.
- Fix a high CPU bug introduced in 3.3.0. (#2449)
- Enlarge the socket buffer size to 16KB.
- Fix the empty list bug in ss-manager.
- Fix the IPv6 address parser.
- Fix a bug of port parser.
- Fix a crash with MinGW.
- Refine SIP003 plugin interface.
- Remove connection timeout from all clients.
- Fix the alignment bug again.
- Fix a bug on 32-bit arch.
- Add TCP fast open support to ss-tunnel by @PantherJohn.

This update was imported from the openSUSE:Leap:15.1:Update update project.

References

Affected packages

SUSE:Package Hub 15 SP1 / shadowsocks-libev

Package

Name: shadowsocks-libev
Purl: pkg:rpm/suse/shadowsocks-libev&distro=SUSE%20Package%20Hub%2015%20SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.3.3-bp151.5.3.1

Ecosystem specific

{
    "binaries": [
        {
            "shadowsocks-libev": "3.3.3-bp151.5.3.1",
            "shadowsocks-libev-doc": "3.3.3-bp151.5.3.1",
            "libshadowsocks-libev2": "3.3.3-bp151.5.3.1",
            "shadowsocks-libev-devel": "3.3.3-bp151.5.3.1"
        }
    ]
}