RedHat: RHSA-2020-0889:01 Important: slirp4netns security update

    Date 17 Mar 2020
    Posted By LinuxSecurity Advisories
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Important: slirp4netns security update
    Advisory ID:       RHSA-2020:0889-01
    Product:           Red Hat Enterprise Linux Extras
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0889
    Issue date:        2020-03-17
    CVE Names:         CVE-2019-14378 CVE-2019-15890 CVE-2020-7039 
                       CVE-2020-8608 
    =====================================================================
    
    1. Summary:
    
    An update for slirp4netns is now available for Red Hat Enterprise Linux 7
    Extras.
    
    Red Hat Product Security has rated this update as having a security impact
    of Important. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each vulnerability
    from the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat Enterprise Linux 7 Extras - ppc64le, s390x, x86_64
    
    3. Description:
    
    The slirp4netns package contains user-mode networking for unprivileged
    network namespaces. It is required to enable networking for rootless
    containers.
    
    Security Fix(es):
    
    * QEMU: slirp: heap buffer overflow during packet reassembly
    (CVE-2019-14378)
    
    * QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu()
    (CVE-2020-7039)
    
    * slirp4netns: QEMU: Slirp: potential OOB access due to unsafe snprintf()
    usages (CVE-2020-8608)
    
    * QEMU: Slirp: use-after-free during packet reassembly (CVE-2019-15890)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1734745 - CVE-2019-14378 QEMU: slirp: heap buffer overflow during packet reassembly
    1749716 - CVE-2019-15890 QEMU: Slirp: use-after-free during packet reassembly
    1791551 - CVE-2020-7039 QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu()
    1798453 - CVE-2020-8608 QEMU: Slirp: potential OOB access due to unsafe snprintf() usages
    
    6. Package List:
    
    Red Hat Enterprise Linux 7 Extras:
    
    Source:
    slirp4netns-0.3.0-8.el7_7.src.rpm
    
    ppc64le:
    slirp4netns-0.3.0-8.el7_7.ppc64le.rpm
    slirp4netns-debuginfo-0.3.0-8.el7_7.ppc64le.rpm
    
    s390x:
    slirp4netns-0.3.0-8.el7_7.s390x.rpm
    slirp4netns-debuginfo-0.3.0-8.el7_7.s390x.rpm
    
    x86_64:
    slirp4netns-0.3.0-8.el7_7.x86_64.rpm
    slirp4netns-debuginfo-0.3.0-8.el7_7.x86_64.rpm
    
    Red Hat Enterprise Linux 7 Extras:
    
    Source:
    slirp4netns-0.3.0-8.el7_7.src.rpm
    
    x86_64:
    slirp4netns-0.3.0-8.el7_7.x86_64.rpm
    slirp4netns-debuginfo-0.3.0-8.el7_7.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2019-14378
    https://access.redhat.com/security/cve/CVE-2019-15890
    https://access.redhat.com/security/cve/CVE-2020-7039
    https://access.redhat.com/security/cve/CVE-2020-8608
    https://access.redhat.com/security/updates/classification/#important
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
