Bug 29219 - libslirp new security issues CVE-2021-359[2-5]
Summary: libslirp new security issues CVE-2021-359[2-5]
Status: ASSIGNED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Reported: 2021-07-04 21:07 CEST by David Walser
Modified: 2021-07-26 15:34 CEST

Source RPM: libslirp-4.4.0-1.mga8.src.rpm

Description David Walser 2021-07-04 21:07:21 CEST
Fedora has issued an advisory today (July 4):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/

The issues are fixed upstream in 4.6.0.

Mageia 8 is also affected.
David Walser 2021-07-04 21:08:09 CEST

CC: (none) => geiger.david68210, mageia
Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 4.6.0

Comment 1 Lewis Smith 2021-07-05 20:43:37 CEST
This SRPM has been committed by various people, so assigning this globally.

Assignee: bugsquad => pkg-bugs

Comment 2 Nicolas Salguero 2021-07-06 09:39:10 CEST
Suggested advisory:
========================

The updated packages fix a security vulnerability:

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. (CVE-2021-3592)

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. (CVE-2021-3593)

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. (CVE-2021-3594)

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. (CVE-2021-3595)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3592
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3593
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3594
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3595
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/
========================

Updated packages in core/updates_testing:
========================
lib(64)slirp-devel-4.4.0-1.1.mga8
lib(64)slirp0-4.4.0-1.1.mga8

from SRPM:
libslirp-4.4.0-1.1.mga8.src.rpm

Whiteboard: MGA8TOO => (none)
Assignee: pkg-bugs => qa-bugs
Status comment: Fixed upstream in 4.6.0 => (none)
Version: Cauldron => 8
Status: NEW => ASSIGNED
CC: (none) => nicolas.salguero
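
Added example, not part of the original bug report and not libslirp's code: a simplified model of the flaw class the advisory describes, where a UDP payload shorter than the structure it is parsed as exposes leftover bytes, next to the length check that rejects it. The names `demo_msg`, `rx_buf`, `receive`, `parse_unchecked` and `parse_checked` are hypothetical, and a reused static buffer stands in for host heap memory so the behaviour stays well defined.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical fixed-size message standing in for a struct such as bootp_t. */
struct demo_msg {
    uint8_t op;
    uint8_t xid[4];
    uint8_t payload[10];
};

/* Receive buffer reused between packets: bytes past the current packet's
 * length still hold data from an earlier one (assumption of this model). */
static uint8_t rx_buf[64];
static size_t rx_len;

static void receive(const uint8_t *pkt, size_t len) {
    memcpy(rx_buf, pkt, len);   /* caller guarantees len <= sizeof rx_buf */
    rx_len = len;
}

/* Unchecked pattern: treats the buffer as a full struct regardless of rx_len. */
static void parse_unchecked(struct demo_msg *out) {
    memcpy(out, rx_buf, sizeof *out);
}

/* Checked pattern: reject any packet shorter than the struct it is parsed as. */
static int parse_checked(struct demo_msg *out) {
    if (rx_len < sizeof *out)
        return -1;
    memcpy(out, rx_buf, sizeof *out);
    return 0;
}

/* Returns 1 if the unchecked parser exposed stale bytes and the checked one refused. */
int demo(void) {
    uint8_t first[15], second[5] = {1, 0xaa, 0xbb, 0xcc, 0xdd};
    struct demo_msg m;
    memset(first, 'S', sizeof first);   /* constructed earlier packet with "secret" bytes */
    receive(first, sizeof first);
    receive(second, sizeof second);     /* constructed short packet: header fields only */
    parse_unchecked(&m);
    int leaked = (m.payload[0] == 'S' && m.payload[9] == 'S');
    return leaked && parse_checked(&m) == -1;
}

int main(void) { return demo() ? 0 : 1; }
```
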

Comment 3 Herman Viaene 2021-07-26 15:34:04 CEST
MGA8-64 Plasma on Lenovo B50
No installation issues
No previous updates shown so
# urpmq --whatrequires lib64slirp0
lib64slirp0
qemu-system-aarch64-core
qemu-system-alpha-core
qemu-system-arm-core
and more of those packages
slirp4netns.
Looked at the last one in https://github.com/rootless-containers/slirp4netns and it looks like all I need to upset my wifi connection. Leaving for others.....

CC: (none) => herman.viaene

