UbuntuUpdates.org

Package "slirp"

Name: slirp

Description:

SLIP/PPP emulator using a dial up shell account

Latest version: 1:1.0.17-8ubuntu18.04.1
Release: bionic (18.04)
Level: updates
Repository: universe
Homepage: http://slirp.sourceforge.net

Links


Download "slirp"


Other versions of "slirp" in Bionic

Repository Area Version
base universe 1:1.0.17-8build1
security universe 1:1.0.17-8ubuntu18.04.1

Changelog

Version: 1:1.0.17-8ubuntu18.04.1 2020-11-12 21:07:19 UTC

  slirp (1:1.0.17-8ubuntu18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Heap-based buffer overflows
    - debian/patches/014_CVE-2020-7039.patch: tcp_emu: Fix oob access
    - debian/patches/CVE-2020-8608.patch: tcp_emu: fix unsafe snprintf()
      usages and util: add slirp_fmt() helpers
    - CVE-2020-7039
    - CVE-2020-8608

 -- Paulo Flabiano Smorigo <email address hidden> Thu, 05 Nov 2020 13:57:57 +0000

CVE-2020-7039 tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a h
CVE-2020-8608 In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.



About   -   Send Feedback to @ubuntu_updates