UbuntuUpdates.org

Package "libslirp"

Name: libslirp

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • General purpose TCP-IP emulator library (development files)
  • General purpose TCP-IP emulator library
Latest version: 4.1.0-2ubuntu2.2
Release: focal (20.04)
Level: security
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "libslirp" in Focal

Repository Area Version
base main 4.1.0-2ubuntu2
updates main 4.1.0-2ubuntu2.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 4.1.0-2ubuntu2.2 2021-07-15 18:06:28 UTC

  libslirp (4.1.0-2ubuntu2.2) focal-security; urgency=medium

  * SECURITY UPDATE: DoS via buffer overread
    - debian/patches/CVE-2020-29129_30.patch: check pkt_len before reading
      protocol header in src/ncsi.c, src/slirp.c.
    - CVE-2020-29129
    - CVE-2020-29130
  * SECURITY UPDATE: data leak in bootp_input()
    - debian/patches/CVE-2021-3592-1.patch: add mtod_check() to src/mbuf.*.
    - debian/patches/CVE-2021-3592-2.patch: limit vendor-specific area to
      input packet memory buffer in src/bootp.*, src/mbuf.*.
    - debian/patches/CVE-2021-3592-3.patch: check bootp_input buffer size
      in src/bootp.c.
    - debian/patches/CVE-2021-3592-4.patch: fix regression in dhcp in
      src/bootp.c.
    - CVE-2021-3592
  * SECURITY UPDATE: data leak in udp6_input()
    - debian/patches/CVE-2021-3593.patch: check udp6_input buffer size in
      src/udp6.c.
    - CVE-2021-3593
  * SECURITY UPDATE: data leak in udp_input()
    - debian/patches/CVE-2021-3594.patch: check upd_input buffer size in
      src/udp.c.
    - CVE-2021-3594
  * SECURITY UPDATE: data leak in tftp_input()
    - debian/patches/CVE-2021-3595-1.patch: check tftp_input buffer size in
      src/tftp.c.
    - debian/patches/CVE-2021-3595-2.patch: introduce a header structure in
      src/tftp.*.
    - CVE-2021-3595

 -- Marc Deslauriers <email address hidden> Mon, 21 Jun 2021 08:43:06 -0400
Source diff to previous version
CVE-2020-29129 ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packe
CVE-2020-29130 slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total pack
CVE-2021-3592 An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and c
CVE-2021-3593 An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and co
CVE-2021-3594 An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and cou
CVE-2021-3595 An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and co

Version: 4.1.0-2ubuntu2.1 2020-07-27 16:06:52 UTC

  libslirp (4.1.0-2ubuntu2.1) focal-security; urgency=medium

  * SECURITY UPDATE: OOB read in icmp6_send_echoreply()
    - debian/patches/CVE-2020-10756.patch: check message size in
      src/ip6_input.c.
    - CVE-2020-10756

 -- Marc Deslauriers <email address hidden> Thu, 23 Jul 2020 14:09:04 -0400
CVE-2020-10756 An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echorep


About   -   Send Feedback to @ubuntu_updates