Bugzilla – Bug 1158365
VUL-0: CVE-2019-5164: code execution vulnerability in the ss-manager binary of Shadowsocks-libev 3.3.2
Last modified: 2020-01-29 23:39:17 UTC
CVE-2019-5164
An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability.
References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-5164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5164
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0958
Fixed by version 3.3.3 [0] too. Nothing left to do once these are released:
https://build.opensuse.org/request/show/753248 15.0 / shadowsocks-libev
https://build.opensuse.org/request/show/753255 15.1 / shadowsocks-libev
[0] https://github.com/shadowsocks/shadowsocks-libev/issues/2537
This is an autogenerated message for OBS integration: This bug (1158365) was mentioned in https://build.opensuse.org/request/show/754211 15.1 / shadowsocks-libev
openSUSE-SU-2019:2667-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 1158251,1158365
CVE References: CVE-2019-5163,CVE-2019-5164
Sources used:
openSUSE Leap 15.1 (src): shadowsocks-libev-3.3.3-lp151.2.3.1
Fixed.
This is an autogenerated message for OBS integration: This bug (1158365) was mentioned in https://build.opensuse.org/request/show/764828 Factory / shadowsocks-libev
openSUSE-SU-2020:0142-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 1158251,1158365
CVE References: CVE-2019-5163,CVE-2019-5164
Sources used:
openSUSE Backports SLE-15-SP1 (src): shadowsocks-libev-3.3.3-bp151.5.3.1