Arch Linux alert ASA-202106-49 (libslirp)
| From: | Jonas Witschel via arch-security <arch-security@lists.archlinux.org> | |
| To: | arch-security@lists.archlinux.org | |
| Subject: | [ASA-202106-49] libslirp: information disclosure | |
| Date: | Thu, 24 Jun 2021 18:20:01 +0200 | |
| Message-ID: | <20210624162001.a4jof4m6mbjv3szg@archlinux.org> | |
| Cc: | Jonas Witschel <diabonas@archlinux.org> |
Arch Linux Security Advisory ASA-202106-49 ========================================== Severity: Medium Date : 2021-06-22 CVE-ID : CVE-2021-3592 CVE-2021-3593 CVE-2021-3594 CVE-2021-3595 Package : libslirp Type : information disclosure Remote : No Link : https://security.archlinux.org/AVG-2073 Summary ======= The package libslirp before version 4.6.0-1 is vulnerable to information disclosure. Resolution ========== Upgrade to 4.6.0-1. # pacman -Syu "libslirp>=4.6.0-1" The problems have been fixed upstream in version 4.6.0. Workaround ========== None. Description =========== - CVE-2021-3592 (information disclosure) An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU before version 4.6.0. The flaw exists in the bootp_input() function and could occur while processing a UDP packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. - CVE-2021-3593 (information disclosure) An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU before version 4.6.0. The flaw exists in the udp6_input() function and could occur while processing a UDP packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. - CVE-2021-3594 (information disclosure) An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU before version 4.6.0. The flaw exists in the udp_input() function and could occur while processing a UDP packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. - CVE-2021-3595 (information disclosure) An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU before version 4.6.0. The flaw exists in the tftp_input() function and could occur while processing a UDP packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. Impact ====== A malicious guest could disclose contents of the host's memory using crafted UDP packets. References ========== https://bugzilla.redhat.com/show_bug.cgi?id=1970484 https://gitlab.freedesktop.org/slirp/libslirp/-/issues/44 https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93... https://gitlab.freedesktop.org/slirp/libslirp/-/commit/f1... https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2e... https://bugzilla.redhat.com/show_bug.cgi?id=1970487 https://gitlab.freedesktop.org/slirp/libslirp/-/issues/45 https://gitlab.freedesktop.org/slirp/libslirp/-/commit/de... https://bugzilla.redhat.com/show_bug.cgi?id=1970491 https://gitlab.freedesktop.org/slirp/libslirp/-/issues/47 https://gitlab.freedesktop.org/slirp/libslirp/-/commit/74... https://bugzilla.redhat.com/show_bug.cgi?id=1970489 https://gitlab.freedesktop.org/slirp/libslirp/-/issues/46 https://gitlab.freedesktop.org/slirp/libslirp/-/commit/3f... https://gitlab.freedesktop.org/slirp/libslirp/-/commit/99... https://security.archlinux.org/CVE-2021-3592 https://security.archlinux.org/CVE-2021-3593 https://security.archlinux.org/CVE-2021-3594 https://security.archlinux.org/CVE-2021-3595