Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 701846 (CVE-2019-18874)

Summary: <dev-python/psutil-5.6.7: double free because of refcount mishandling (CVE-2019-18874)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: normal CC: mgorny, python
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/giampaolo/psutil/pull/1616
Whiteboard: B2 [glsa? stable]
Package list:
dev-python/psutil-5.6.7
Runtime testing required: No

Description GLSAMaker/CVETool Bot gentoo-dev 2019-12-03 00:32:26 UTC
CVE-2019-18874 (https://nvd.nist.gov/vuln/detail/CVE-2019-18874):
  psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs
  because of refcount mishandling within a while or for loop that converts
  system data into a Python object.
Comment 1 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2019-12-03 08:41:56 UTC
Keywords for dev-python/psutil:
         |                               |   u   |  
         | a a   a     p           s r   |   n   |  
         | l m   r i   p   h m s   p i m | e u s | r
         | p d a m a p c x p 6 3   a s i | a s l | e
         | h 6 r 6 6 p 6 8 p 8 9 s r c p | p e o | p
         | a 4 m 4 4 c 4 6 a k 0 h c v s | i d t | o
---------+-------------------------------+-------+-------
   5.4.8 | ~ ~ ~ ~ ~ ~ ~ ~ ~ o ~ o ~ o o | 7 # 0 | gentoo
   5.5.0 | + + + + + + + + ~ o + o + o o | 7 o   | gentoo
   5.6.0 | ~ + + ~ ~ + + + ~ o + o ~ o o | 7 o   | gentoo
[I]5.6.5 | ~ ~ ~ ~ ~ ~ ~ ~ ~ o ~ o ~ o o | 7 #   | gentoo
   5.6.7 | ~ ~ ~ ~ ~ ~ ~ ~ ~ o ~ o ~ o o | 7 o   | gentoo
Comment 2 Agostino Sarubbo gentoo-dev 2019-12-03 11:41:55 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2019-12-03 11:42:41 UTC
x86 stable
Comment 4 Agostino Sarubbo gentoo-dev 2019-12-03 11:56:08 UTC
sparc stable
Comment 5 Agostino Sarubbo gentoo-dev 2019-12-03 12:27:09 UTC
ppc64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2019-12-03 12:56:30 UTC
ia64 stable
Comment 7 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-12-04 01:00:51 UTC
arm64 stable
Comment 8 Agostino Sarubbo gentoo-dev 2019-12-09 07:49:37 UTC
s390 stable
Comment 9 Agostino Sarubbo gentoo-dev 2019-12-10 10:55:08 UTC
ppc stable
Comment 10 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-12-24 15:16:46 UTC
arm stable