iproute2: Use-after-free (CVE-2019-20795)

iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c.

References:

• https://nvd.nist.gov/vuln/detail/CVE-2019-20795
• https://security-tracker.debian.org/tracker/CVE-2019-2079
• Introduced in: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=86bf43c7c2fdc33d7c021b4a1add1c8facbca51c (v4.15.0)

Patch:

https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10

Affected branches:

• master (04ff1e80)
• 3.11-stable (04ff1e80)
• 3.10-stable
• 3.9-stable