Summary: | <net-p2p/go-ethereum-1.10.14: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | maintainer-needed, sam |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/ethereum/go-ethereum/security/advisories/GHSA-59hh-656j-3p7v | ||
Whiteboard: | ~3 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 825398 | ||
Bug Blocks: |
Description
John Helmert III
![]() ![]() ![]() ![]() CVE-2021-43668: Go-Ethereum 1.10.9 nodes crash (denial of service) after receiving a serial of messages and cannot be recovered. They will crash with "runtime error: invalid memory address or nil pointer dereference" and arise a SEGV signal. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=30fa6ec820e60f600f2ed0b50e32104886271db4 commit 30fa6ec820e60f600f2ed0b50e32104886271db4 Author: Sam James <sam@gentoo.org> AuthorDate: 2021-12-24 04:01:59 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-12-24 04:01:59 +0000 net-p2p/go-ethereum: drop 1.10.2, 1.10.3, 1.10.8 Bug: https://bugs.gentoo.org/820380 Signed-off-by: Sam James <sam@gentoo.org> net-p2p/go-ethereum/Manifest | 163 ------ net-p2p/go-ethereum/go-ethereum-1.10.2.ebuild | 758 -------------------------- net-p2p/go-ethereum/go-ethereum-1.10.3.ebuild | 656 ---------------------- net-p2p/go-ethereum/go-ethereum-1.10.8.ebuild | 705 ------------------------ 4 files changed, 2282 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1b767f880c3b124bd50dd2b7e019ce783f49aa36 commit 1b767f880c3b124bd50dd2b7e019ce783f49aa36 Author: Sam James <sam@gentoo.org> AuthorDate: 2021-12-24 04:01:38 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-12-24 04:01:38 +0000 net-p2p/go-ethereum: add 1.10.14 Bug: https://bugs.gentoo.org/820380 Closes: https://bugs.gentoo.org/825398 Signed-off-by: Sam James <sam@gentoo.org> net-p2p/go-ethereum/Manifest | 27 + net-p2p/go-ethereum/go-ethereum-1.10.14.ebuild | 717 +++++++++++++++++++++++++ 2 files changed, 744 insertions(+) |