CVE-2019-18874

Advisory

Gns3-server 2.2.6 updates its dependency 'psutil' to version '5.6.6' to include a security fix.
https://github.com/GNS3/gns3-server/commit/392678e757c6208265e5d5c715c8dd1313300eff
https://github.com/advisories/GHSA-qfc5-mcwq-26q8

Affected package

Affected versions

Fixed versions

Vulnerability changelog

* Monitor ubrige processes.
* Add Xvnc command to the VNC servers list. Fixes 172
* Allow controller to reconnect to compute if communication is lost. Ref 1634
* Improvement of support for docker USER directive. Fixes 1727.
* Fix cannot delete Dynamips router the content of the "usage" field. Fixes https://github.com/GNS3/gns3-gui/issues/2947
* Prevent locked drawings to be deleted. Fixes https://github.com/GNS3/gns3-gui/issues/2948
* Fix issues with empty project variables. Fixes https://github.com/GNS3/gns3-gui/issues/2941
* Upgrade psutil to version 5.6.6 due to CVE-2019-18874 https://github.com/advisories/GHSA-qfc5-mcwq-26q8
* Remove 'format=raw' from the Qemu options of the disk interfaces. Ref 1699
* Allocate application IDs for IOU nodes on the controller. An application ID is used by IOU to generate its interface Mac addresses. They must be unique across all opened projects sharing the same computes to avoid Mac address collisions.
* Require VirtualBox >= 6.0 on AMD and >= 6.1 on Intel processors (for GNS3 VM only). Fixes 1610
* Add nvme disk interface and fix scsi disk interface for Qemu VMs.
* Disallow using "legacy networking mode" with Qemu >= 2.9.0
* Add latest Qemu nic models.
* Attempt to fix error when loading wmi module. Fixes 1712
* Handle "aborted" state for VirtualBox VMs. Fixes 1702
* Change how Hyper-V VMs are found. Ref 1612

Resources

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18874