Bug 1160668 (CVE-2020-6750) - VUL-1: CVE-2020-6750: glib2: GSocketClient may occasionally connect directly to a target address instead of connecting via a proxy server
Status: NEW
Alias: CVE-2020-6750
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security
Version: Current
Hardware: Other Other
Priority: P4 - Low, Severity: Normal
Target Milestone: Current
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/250738/
Whiteboard: CVSSv3:SUSE:CVE-2020-6750:3.1:(AV:N/...
Reported: 2020-01-10 12:45 UTC by Alexandros Toptsoglou
Modified: 2022-10-20 02:20 UTC
Found By: Security Response Team


Description Alexandros Toptsoglou 2020-01-10 12:45:44 UTC
CVE-2020-6750

GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to
a target address instead of connecting via a proxy server when configured to do
so, because the proxy_addr field is mishandled. This bug is timing-dependent and
may occur only sporadically depending on network delays. The greatest security
relevance is in use cases where a proxy is used to help with privacy/anonymity,
even though there is no technical barrier to a direct connection. NOTE: versions
before 2.60 are unaffected.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6750
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6750
https://gitlab.gnome.org/GNOME/glib/issues/1989
Comment 1 Alexandros Toptsoglou 2020-01-10 13:49:09 UTC
This issue seems related to the Happy Eyeballs (RFC 8305) implementation which was introduced to glib in version 2.59.1 [1]. Upstream mentions that versions before 2.60.0 are not affected [2]. The newest version that we ship is in SLE15 (version 2.54.3).
Only TW is affected. Please upgrade when a newer version is released. Since the Happy Eyeballs implementation introduces regressions, there is also a tracker issue upstream [3] that tracks all the bugs regarding it. Normally, the changelog mentions "Fixed Happy Eyeballs implementation" and the issue number in parentheses.

[1] https://gitlab.gnome.org/GNOME/glib/blob/2.59.1/gio/gsocketclient.c
[2] https://gitlab.gnome.org/GNOME/glib/issues/1989#note_679825
[3] https://gitlab.gnome.org/GNOME/glib/issues/1995
Comment 2 Jia Zhaocong 2022-10-20 02:20:19 UTC
Cleaning up GNOME CVE backlog. A newer version is in Factory. Assign back to security team.