Security update for shadowsocks-libev (moderate)

An update that fixes two vulnerabilities is now available.

Description:

This update for shadowsocks-libev fixes the following issues:

• Update version to 3.3.3
  • Refine the handling of suspicious connections.
  • Fix exploitable denial-of-service vulnerability exists in the UDPRelay
    functionality (boo#1158251, CVE-2019-5163)
  • Fix code execution vulnerability in the ss-manager binary
    (boo#1158365, CVE-2019-5164)
  • Refine the handling of fragment request.
  • Fix a high CPU bug introduced in 3.3.0. (#2449)
  • Enlarge the socket buffer size to 16KB.
  • Fix the empty list bug in ss-manager.
  • Fix the IPv6 address parser.
  • Fix a bug of port parser.
  • Fix a crash with MinGW.
  • Refine SIP003 plugin interface.
  • Remove connection timeout from all clients.
  • Fix the alignment bug again.
  • Fix a bug on 32-bit arch.
  • Add TCP fast open support to ss-tunnel by @PantherJohn.

This update was imported from the openSUSE:Leap:15.1:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

• openSUSE Backports SLE-15-SP1:

  zypper in -t patch openSUSE-2020-142=1