Mageia 2021-0480: libslirp security update
Summary
Invalid pointer initialization issues were found in the SLiRP networking
implementation of QEMU.
In the bootp_input() function while processing a udp packet that is smaller
than the size of the 'bootp_t' structure. A malicious guest could use this
flaw to leak 10 bytes of uninitialized heap memory from the host. The
highest threat from this vulnerability is to data confidentiality. This
flaw affects libslirp versions prior to 4.6.0. (CVE-2021-3592)
In the udp6_input() function while processing a udp packet that is smaller
than the size of the 'udphdr' structure. This issue may lead to out-of-bounds
read access or indirect host memory disclosure to the guest. The highest
threat from this vulnerability is to data confidentiality. This flaw affects
libslirp versions prior to 4.6.0. (CVE-2021-3593)
In the udp_input() function while processing a udp packet that is smaller
than the size of the 'udphdr' structure. This issue may lead to out-of-bounds
read access or indirect host memory disclosure to the guest. The highest
threat from this vulnerability is to data confidentiality. This flaw affects
libslirp versions prior to 4.6.0. (CVE-2021-3594)
In the tftp_input() function while processing a udp packet that is smaller
than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds
read access or indirect host memory disclosure to the guest. The highest
threat from this vulnerability is to data confidentiality. This flaw affects
libslirp versions prior to 4.6.0. (CVE-2021-3595)
References
- https://bugs.mageia.org/show_bug.cgi?id=29219
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3592
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3593
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3594
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3595
Resolution
MGASA-2021-0480 - Updated libslirp packages fix security vulnerability
SRPMS
- 8/core/libslirp-4.4.0-1.1.mga8