Arch Linux alert ASA-202012-7 (libslirp)
| From: | Remi Gacogne <rgacogne@archlinux.org> | |
| To: | arch-security@archlinux.org | |
| Subject: | [ASA-202012-7] libslirp: information disclosure | |
| Date: | Wed, 09 Dec 2020 19:58:38 +0100 | |
| Message-ID: | <2be1a5e9-3d8f-cd54-730f-018915ba1758@archlinux.org> |
Arch Linux Security Advisory ASA-202012-7 ========================================= Severity: Medium Date : 2020-12-05 CVE-ID : CVE-2020-29129 CVE-2020-29130 Package : libslirp Type : information disclosure Remote : No Link : https://security.archlinux.org/AVG-1305 Summary ======= The package libslirp before version 4.4.0-1 is vulnerable to information disclosure. Resolution ========== Upgrade to 4.4.0-1. # pacman -Syu "libslirp>=4.4.0-1" The problems have been fixed upstream in version 4.4.0. Workaround ========== None. Description =========== - CVE-2020-29129 (information disclosure) ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. A privileged guest user may use this flaw to potentially leak host information bytes. - CVE-2020-29130 (information disclosure) slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. A privileged guest user may use this flaw to potentially leak host information bytes. Impact ====== A privileged guest user may be able to access sensitive information from the host memory. References ========== https://www.openwall.com/lists/oss-security/2020/11/27/1 https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2e... https://git.qemu.org/?p=qemu.git;a=commitdiff;h=37c0c885d... https://security.archlinux.org/CVE-2020-29129 https://security.archlinux.org/CVE-2020-29130