Summary: | <dev-libs/glib-2.60.7-r2: Mishandling of proxy_addr field in GSocketClient may lead to proxy being ignored (CVE-2020-6750) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Mart Raudsepp <leio> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | gnome |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B4 [noglsa cve] | ||
Package list: | dev-libs/glib-2.60.7-r2 | ||
Runtime testing required: | --- |
Description
Mart Raudsepp
2020-02-22 18:27:00 UTC
amd64 stable

s390 stable

sparc stable

ia64 stable

ppc64 stable

ppc stable

x86 stable

CVE-2020-6750 (https://nvd.nist.gov/vuln/detail/CVE-2020-6750):

GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected.

arm stable

arm64 stable

hppa stable

@maintainer(s), please cleanup