Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 555
Alerts This Week
Warning Icon 1 555

Ubuntu 21.04: USN-5009-1 Critical: libslirp Information Leak

ubuntu
Calendar Grey July 15, 2021
Dist Ubuntu Esm H88
Patches addressing libslirp security issues can be found across multiple Ubuntu releases. Ensure your systems are up-to-date to prevent data exposures.
Several security issues were fixed in libslirp.

Summary

Several security issues were fixed in libslirp.

Software Description:

- libslirp: General purpose TCP-IP emulator library

Details:

Qiuhao Li discovered that libslirp incorrectly handled certain header data

lengths. An attacker inside a guest could possibly use this issue to leak

sensitive information from the host. This issue only affected Ubuntu 20.04

LTS and Ubuntu 20.10. (CVE-2020-29129, CVE-2020-29130)

It was discovered that libslirp incorrectly handled certain udp packets. An

attacker inside a guest could possibly use this issue to leak sensitive

information from the host. (CVE-2021-3592, CVE-2021-3593, CVE-2021-3594,

CVE-2021-3595)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.04:
  libslirp0                       4.4.0-1ubuntu0.1

Ubuntu 20.10:
  libslirp0                       4.3.1-1ubuntu0.1

Ubuntu 20.04 LTS:
  libslirp0                       4.1.0-2ubuntu2.2

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2020-29129, CVE-2020-29130, CVE-2021-3592, CVE-2021-3593,

CVE-2021-3594, CVE-2021-3595

Severity
critical
Lowest
Low
Medium
High
Critical

July 15, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.