[Git][security-tracker-team/security-tracker][master] Add notes on mitigation for shadowsocks-libev issue

Salvatore Bonaccorso Mon, 02 Dec 2019 12:10:01 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
1a5265d3 by Salvatore Bonaccorso at 2019-12-02T20:06:30Z
Add  notes on mitigation for shadowsocks-libev issue

The ss-manager should in any case never be exposed to pubic and anyone
using ss-manager should use unix domain socket path (via
--manager-socket).

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -44623,6 +44623,8 @@ CVE-2019-XXXX [shadowsocks-libev TALOS-2019-0958]
        - shadowsocks-libev 3.3.3+ds-2
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0958
        NOTE: https://github.com/shadowsocks/shadowsocks-libev/issues/2537
+       NOTE: Mitigation: Using a unix socket with ss-manager via 
--manager-socket.
+       NOTE: Exposing ss-manager to pubic is always dangerous.
 CVE-2019-5163
        RESERVED
        - shadowsocks-libev 3.3.3+ds-2



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1a5265d35ddd3e9418e8eaedb8221a38b72a67fd

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1a5265d35ddd3e9418e8eaedb8221a38b72a67fd
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Add notes on mitigation for shadowsocks-libev issue

Reply via email to