MGASA-2021-0480 - Updated libslirp packages fix security vulnerability

Publication date: 20 Oct 2021
URL: https://advisories.mageia.org/MGASA-2021-0480.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-3592,
     CVE-2021-3593,
     CVE-2021-3594,
     CVE-2021-3595

Invalid pointer initialization issues were found in the SLiRP networking
implementation of QEMU.

In the bootp_input() function while processing a udp packet that is smaller
than the size of the 'bootp_t' structure. A malicious guest could use this
flaw to leak 10 bytes of uninitialized heap memory from the host. The
highest threat from this vulnerability is to data confidentiality. This
flaw affects libslirp versions prior to 4.6.0. (CVE-2021-3592)

In the udp6_input() function while processing a udp packet that is smaller
than the size of the 'udphdr' structure. This issue may lead to out-of-bounds
read access or indirect host memory disclosure to the guest. The highest
threat from this vulnerability is to data confidentiality. This flaw affects
libslirp versions prior to 4.6.0. (CVE-2021-3593)

In the udp_input() function while processing a udp packet that is smaller
than the size of the 'udphdr' structure. This issue may lead to out-of-bounds
read access or indirect host memory disclosure to the guest. The highest
threat from this vulnerability is to data confidentiality. This flaw affects
libslirp versions prior to 4.6.0. (CVE-2021-3594)

In the tftp_input() function while processing a udp packet that is smaller
than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds
read access or indirect host memory disclosure to the guest. The highest
threat from this vulnerability is to data confidentiality. This flaw affects
libslirp versions prior to 4.6.0. (CVE-2021-3595)

References:
- https://bugs.mageia.org/show_bug.cgi?id=29219
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3592
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3593
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3594
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3595

SRPMS:
- 8/core/libslirp-4.4.0-1.1.mga8