Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 533
Alerts This Week
Warning Icon 1 533

Ubuntu 21.10 USN-5009-2: Critical Information Leak In Libslirp

ubuntu
Calendar Grey October 26, 2021
Dist Ubuntu Esm H88
Multiple bugs resolved in libslirp for Ubuntu 21.10 targeting information breaches stemming from inadequate header management.
Several security issues were fixed in libslirp.

Summary

Several security issues were fixed in libslirp.

Software Description:

- libslirp: General purpose TCP-IP emulator library

Details:

USN-5009-1 fixed vulnerabilities in libslirp. This update provides the

corresponding updates for Ubuntu 21.10.

Original advisory details:

Qiuhao Li discovered that libslirp incorrectly handled certain header data

lengths. An attacker inside a guest could possibly use this issue to leak

sensitive information from the host. This issue only affected Ubuntu 20.04

LTS and Ubuntu 20.10. (CVE-2020-29129, CVE-2020-29130)

It was discovered that libslirp incorrectly handled certain udp packets. An

attacker inside a guest could possibly use this issue to leak sensitive

information from the host. (CVE-2021-3592, CVE-2021-3593, CVE-2021-3594,

CVE-2021-3595)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
  libslirp0                       4.4.0-1ubuntu0.21.10.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5009-2

https://ubuntu.com/security/notices/USN-5009-1

CVE-2021-3592, CVE-2021-3593, CVE-2021-3594, CVE-2021-3595

Severity
critical
Lowest
Low
Medium
High
Critical

October 26, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.