| Summary: | libslirp/slirp4netns new security issue CVE-2020-1983 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | Joseph Wang <joequant> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | geiger.david68210 |
| Version: | Cauldron | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | libslirp-4.2.0-1.mga8.src.rpm, slirp4netns-0.4.4-1.mga8.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2020-05-04 20:28:12 CEST
Fixed in libslirp-4.2.0-2.mga8. Status:
NEW =>
RESOLVED SUSE has issued an advisory toay (May 6): http://lists.suse.com/pipermail/sle-security-updates/2020-May/006785.html The slirp4netns package is also affected. I'm not sure if they just upgraded to 0.4.5 or if it needed to be patched. Status:
RESOLVED =>
REOPENED (In reply to David Walser from comment #3) > SUSE has issued an advisory today (May 6): > http://lists.suse.com/pipermail/sle-security-updates/2020-May/006785.html > > The slirp4netns package is also affected. > > I'm not sure if they just upgraded to 0.4.5 or if it needed to be patched. openSUSE has issued an advisory for this today (May 11): https://lists.opensuse.org/opensuse-updates/2020-05/msg00065.html They only needed to update to 0.4.5. Latest release 1.0.1 uses now system libslirp. OK, that's good. It hasn't been pushed yet. So fixed for Cauldron updating slirp4netns to latest 1.0.1 release that uses now system libslirp. Fixed in slirp4netns-1.0.1-1.mga8. Thanks! Resolution:
(none) =>
FIXED |