Fedora has issued an advisory on May 1: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HWFD4MWV3YWIHVHSA2F7FKOLJFL4PHOX/
Done for Cauldron!
CC: (none) => geiger.david68210
Fixed in libslirp-4.2.0-2.mga8.
Status: NEW => RESOLVEDResolution: (none) => FIXED
SUSE has issued an advisory toay (May 6): http://lists.suse.com/pipermail/sle-security-updates/2020-May/006785.html The slirp4netns package is also affected. I'm not sure if they just upgraded to 0.4.5 or if it needed to be patched.
Status: RESOLVED => REOPENEDSource RPM: libslirp-4.2.0-1.mga8.src.rpm => libslirp-4.2.0-1.mga8.src.rpm, slirp4netns-0.4.4-1.mga8.src.rpmAssignee: thierry.vignaud => joequantResolution: FIXED => (none)Summary: libslirp new security issue CVE-2020-1983 => libslirp/slirp4netns new security issue CVE-2020-1983
(In reply to David Walser from comment #3) > SUSE has issued an advisory today (May 6): > http://lists.suse.com/pipermail/sle-security-updates/2020-May/006785.html > > The slirp4netns package is also affected. > > I'm not sure if they just upgraded to 0.4.5 or if it needed to be patched. openSUSE has issued an advisory for this today (May 11): https://lists.opensuse.org/opensuse-updates/2020-05/msg00065.html They only needed to update to 0.4.5.
Latest release 1.0.1 uses now system libslirp.
OK, that's good. It hasn't been pushed yet.
So fixed for Cauldron updating slirp4netns to latest 1.0.1 release that uses now system libslirp.
Fixed in slirp4netns-1.0.1-1.mga8. Thanks!
Resolution: (none) => FIXEDStatus: REOPENED => RESOLVED