openSUSE Security Update: Security update for libslirp
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:2941-1
Rating:             moderate
References:         #1187365 #1201551
Cross-References:   CVE-2021-3593
CVSS scores:
                    CVE-2021-3593 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
                    CVE-2021-3593 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Affected Products:
                    openSUSE Leap Micro 5.2
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for libslirp fixes the following issues:

- CVE-2021-3593: Fixed invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365).

Non-security fixes:

- Fix the version header (bsc#1201551)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.2:

    zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2941=1

Package List:

- openSUSE Leap Micro 5.2 (aarch64 x86_64):

    libslirp-debugsource-4.3.1-150300.11.1
    libslirp0-4.3.1-150300.11.1
    libslirp0-debuginfo-4.3.1-150300.11.1

References:

    https://www.suse.com/security/cve/CVE-2021-3593.html
    https://bugzilla.suse.com/1187365
    https://bugzilla.suse.com/1201551

The latest security enhancement for libslirp in openSUSE addresses a critical information exposure flaw and offers detailed guidance on applying the necessary patches.
openSUSE Leap Micro, libslirp update, information disclosure fix.
LinuxSecurity.com Team
SUSE Security Update: Security update for libslirp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2941-1
Rating:             moderate
References:         #1187365 #1201551
Cross-References:   CVE-2021-3593
CVSS scores:
                    CVE-2021-3593 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
                    CVE-2021-3593 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Affected Products:
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Micro 5.1
                    SUSE Linux Enterprise Micro 5.2
                    SUSE Linux Enterprise Module for Server Applications 15-SP3
                    SUSE Linux Enterprise Module for Server Applications 15-SP4
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Linux Enterprise Storage 7.1
                    SUSE Manager Proxy 4.2
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.2
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for libslirp fixes the following issues:

- CVE-2021-3593: Fixed invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365).

Non-security fixes:

- Fix the version header (bsc#1201551)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:

    zypper in -t patch openSUSE-SLE-15.4-2022-2941=1

- openSUSE Leap 15.3:

    zypper in -t patch openSUSE-SLE-15.3-2022-2941=1

- SUSE Linux Enterprise Module for Server Applications 15-SP4:

    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2941=1

- SUSE Linux Enterprise Module for Server Applications 15-SP3:

    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2941=1

- SUSE Linux Enterprise Micro 5.2:

    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2941=1

- SUSE Linux Enterprise Micro 5.1:

    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2941=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

    libslirp-debugsource-4.3.1-150300.11.1
    libslirp-devel-4.3.1-150300.11.1
    libslirp0-4.3.1-150300.11.1
    libslirp0-debuginfo-4.3.1-150300.11.1

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

    libslirp-debugsource-4.3.1-150300.11.1
    libslirp-devel-4.3.1-150300.11.1
    libslirp0-4.3.1-150300.11.1
    libslirp0-debuginfo-4.3.1-150300.11.1

- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):

    libslirp-debugsource-4.3.1-150300.11.1
    libslirp-devel-4.3.1-150300.11.1
    libslirp0-4.3.1-150300.11.1
    libslirp0-debuginfo-4.3.1-150300.11.1

- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

    libslirp-debugsource-4.3.1-150300.11.1
    libslirp-devel-4.3.1-150300.11.1
    libslirp0-4.3.1-150300.11.1
    libslirp0-debuginfo-4.3.1-150300.11.1

- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):

    libslirp-debugsource-4.3.1-150300.11.1
    libslirp0-4.3.1-150300.11.1
    libslirp0-debuginfo-4.3.1-150300.11.1

- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):

    libslirp-debugsource-4.3.1-150300.11.1
    libslirp0-4.3.1-150300.11.1
    libslirp0-debuginfo-4.3.1-150300.11.1

References:

    https://www.suse.com/security/cve/CVE-2021-3593.html
    https://bugzilla.suse.com/1187365
    https://bugzilla.suse.com/1201551

An update has been released to address a vulnerability in libslirp. Please refer to the documentation for specific information on affected products and the necessary patching process.
SUSE Linux Enterprise, libslirp security, openSUSE Leap, patch management.
Severity: Important.
LinuxSecurity.com Team
SUSE Security Update: Security update for libslirp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:1730-1
Rating:             important
References:         #1187364 #1187366 #1187367 #1198773
Cross-References:   CVE-2021-3592 CVE-2021-3594 CVE-2021-3595
CVSS scores:
                    CVE-2021-3592 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
                    CVE-2021-3592 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
                    CVE-2021-3594 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
                    CVE-2021-3594 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
                    CVE-2021-3595 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
                    CVE-2021-3595 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Affected Products:
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Micro 5.1
                    SUSE Linux Enterprise Micro 5.2
                    SUSE Linux Enterprise Module for Server Applications 15-SP3
                    SUSE Linux Enterprise Module for Server Applications 15-SP4
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Manager Proxy 4.2
                    SUSE Manager Server 4.2
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
______________________________________________________________________________

An update that solves three vulnerabilities and has one errata is now available.

Description:

This update for libslirp fixes the following issues:

- CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364).
- CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367).
- CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366).
- Fix a dhcp regression [bsc#1198773]

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:

    zypper in -t patch openSUSE-SLE-15.4-2022-1730=1

- openSUSE Leap 15.3:

    zypper in -t patch openSUSE-SLE-15.3-2022-1730=1

- SUSE Linux Enterprise Module for Server Applications 15-SP4:

    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-1730=1

- SUSE Linux Enterprise Module for Server Applications 15-SP3:

    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1730=1

- SUSE Linux Enterprise Micro 5.2:

    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1730=1

- SUSE Linux Enterprise Micro 5.1:

    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1730=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

    libslirp-debugsource-4.3.1-150300.6.2
    libslirp-devel-4.3.1-150300.6.2
    libslirp0-4.3.1-150300.6.2
    libslirp0-debuginfo-4.3.1-150300.6.2

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

    libslirp-debugsource-4.3.1-150300.6.2
    libslirp-devel-4.3.1-150300.6.2
    libslirp0-4.3.1-150300.6.2
    libslirp0-debuginfo-4.3.1-150300.6.2

- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):

    libslirp-debugsource-4.3.1-150300.6.2
    libslirp-devel-4.3.1-150300.6.2
    libslirp0-4.3.1-150300.6.2
    libslirp0-debuginfo-4.3.1-150300.6.2

- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

    libslirp-debugsource-4.3.1-150300.6.2
    libslirp-devel-4.3.1-150300.6.2
    libslirp0-4.3.1-150300.6.2
    libslirp0-debuginfo-4.3.1-150300.6.2

- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):

    libslirp-debugsource-4.3.1-150300.6.2
    libslirp0-4.3.1-150300.6.2
    libslirp0-debuginfo-4.3.1-150300.6.2

- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):

    libslirp-debugsource-4.3.1-150300.6.2
    libslirp0-4.3.1-150300.6.2
    libslirp0-debuginfo-4.3.1-150300.6.2

References:

    https://www.suse.com/security/cve/CVE-2021-3592.html
    https://www.suse.com/security/cve/CVE-2021-3594.html
    https://www.suse.com/security/cve/CVE-2021-3595.html
    https://bugzilla.suse.com/1187364
    https://bugzilla.suse.com/1187366
    https://bugzilla.suse.com/1187367
    https://bugzilla.suse.com/1198773

A recent security patch for libslirp resolves three critical vulnerabilities across various SUSE distributions, emphasizing the need for prompt updates.
libslirp, SUSE Linux, information disclosure, security update.
Severity: Important.
LinuxSecurity.com Team
SUSE Security Update: Security update for libslirp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:1465-1
Rating:             important
References:         #1187364 #1187366 #1187367 #1198773
Cross-References:   CVE-2021-3592 CVE-2021-3594 CVE-2021-3595
CVSS scores:
                    CVE-2021-3592 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
                    CVE-2021-3592 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
                    CVE-2021-3594 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
                    CVE-2021-3594 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
                    CVE-2021-3595 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
                    CVE-2021-3595 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Affected Products:
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Micro 5.1
                    SUSE Linux Enterprise Micro 5.2
                    SUSE Linux Enterprise Module for Server Applications 15-SP3
                    SUSE Linux Enterprise Module for Server Applications 15-SP4
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Manager Proxy 4.2
                    SUSE Manager Server 4.2
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
______________________________________________________________________________

An update that solves three vulnerabilities and has one errata is now available.

Description:

This update for libslirp fixes the following issues:

- CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364).
- CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367).
- CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366).
- Fix a dhcp regression [bsc#1198773]

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:

    zypper in -t patch openSUSE-SLE-15.4-2022-1465=1

- openSUSE Leap 15.3:

    zypper in -t patch openSUSE-SLE-15.3-2022-1465=1

- SUSE Linux Enterprise Module for Server Applications 15-SP4:

    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-1465=1

- SUSE Linux Enterprise Module for Server Applications 15-SP3:

    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1465=1

- SUSE Linux Enterprise Micro 5.2:

    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1465=1

- SUSE Linux Enterprise Micro 5.1:

    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1465=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

    libslirp-debugsource-4.3.1-150300.2.7.1
    libslirp-devel-4.3.1-150300.2.7.1
    libslirp0-4.3.1-150300.2.7.1
    libslirp0-debuginfo-4.3.1-150300.2.7.1

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

    libslirp-debugsource-4.3.1-150300.2.7.1
    libslirp-devel-4.3.1-150300.2.7.1
    libslirp0-4.3.1-150300.2.7.1
    libslirp0-debuginfo-4.3.1-150300.2.7.1

- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):

    libslirp-debugsource-4.3.1-150300.2.7.1
    libslirp-devel-4.3.1-150300.2.7.1
    libslirp0-4.3.1-150300.2.7.1
    libslirp0-debuginfo-4.3.1-150300.2.7.1

- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

    libslirp-debugsource-4.3.1-150300.2.7.1
    libslirp-devel-4.3.1-150300.2.7.1
    libslirp0-4.3.1-150300.2.7.1
    libslirp0-debuginfo-4.3.1-150300.2.7.1

- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):

    libslirp-debugsource-4.3.1-150300.2.7.1
    libslirp0-4.3.1-150300.2.7.1
    libslirp0-debuginfo-4.3.1-150300.2.7.1

- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):

    libslirp-debugsource-4.3.1-150300.2.7.1
    libslirp0-4.3.1-150300.2.7.1
    libslirp0-debuginfo-4.3.1-150300.2.7.1

References:

    https://www.suse.com/security/cve/CVE-2021-3592.html
    https://www.suse.com/security/cve/CVE-2021-3594.html
    https://www.suse.com/security/cve/CVE-2021-3595.html
    https://bugzilla.suse.com/1187364
    https://bugzilla.suse.com/1187366
    https://bugzilla.suse.com/1187367
    https://bugzilla.suse.com/1198773

This patch addresses four significant vulnerabilities in libslirp, boosting protection for various Ubuntu releases.
libslirp Update, SUSE Patch Instructions, Information Disclosure Fix.
Severity: Important.
LinuxSecurity.com Team
SUSE Security Update: Security update for libslirp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:1314-1
Rating:             low
References:         #1187364 #1187366 #1187367
Cross-References:   CVE-2021-3592 CVE-2021-3594 CVE-2021-3595
CVSS scores:
                    CVE-2021-3592 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
                    CVE-2021-3592 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
                    CVE-2021-3594 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
                    CVE-2021-3594 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
                    CVE-2021-3595 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
                    CVE-2021-3595 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Affected Products:
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise Micro 5.1
                    SUSE Linux Enterprise Module for Server Applications 15-SP3
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Manager Proxy 4.2
                    SUSE Manager Server 4.2
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for libslirp fixes the following issues:

- CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364).
- CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367).
- CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:

    zypper in -t patch openSUSE-SLE-15.4-2022-1314=1

- openSUSE Leap 15.3:

    zypper in -t patch openSUSE-SLE-15.3-2022-1314=1

- SUSE Linux Enterprise Module for Server Applications 15-SP3:

    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1314=1

- SUSE Linux Enterprise Micro 5.1:

    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1314=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

    libslirp-debugsource-4.3.1-150300.3.3.1
    libslirp-devel-4.3.1-150300.3.3.1
    libslirp0-4.3.1-150300.3.3.1
    libslirp0-debuginfo-4.3.1-150300.3.3.1

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

    libslirp-debugsource-4.3.1-150300.3.3.1
    libslirp-devel-4.3.1-150300.3.3.1
    libslirp0-4.3.1-150300.3.3.1
    libslirp0-debuginfo-4.3.1-150300.3.3.1

- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

    libslirp-debugsource-4.3.1-150300.3.3.1
    libslirp-devel-4.3.1-150300.3.3.1
    libslirp0-4.3.1-150300.3.3.1
    libslirp0-debuginfo-4.3.1-150300.3.3.1

- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):

    libslirp-debugsource-4.3.1-150300.3.3.1
    libslirp0-4.3.1-150300.3.3.1
    libslirp0-debuginfo-4.3.1-150300.3.3.1

References:

    https://www.suse.com/security/cve/CVE-2021-3592.html
    https://www.suse.com/security/cve/CVE-2021-3594.html
    https://www.suse.com/security/cve/CVE-2021-3595.html
    https://bugzilla.suse.com/1187364
    https://bugzilla.suse.com/1187366
    https://bugzilla.suse.com/1187367

SUSE has issued a security patch for libslirp addressing three minor vulnerabilities across different SUSE platforms.
SUSE Linux Enterprise, libslirp Update, Security Fixes, Information Disclosure, Patch Instructions.
Severity: Low.
LinuxSecurity.com Team
=========================================================================
Ubuntu Security Notice USN-5009-2
October 26, 2021

libslirp vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.10

Summary:

Several security issues were fixed in libslirp.

Software Description:

- libslirp: General purpose TCP-IP emulator library

Details:

USN-5009-1 fixed vulnerabilities in libslirp. This update provides the corresponding updates for Ubuntu 21.10.

Original advisory details:

 Qiuhao Li discovered that libslirp incorrectly handled certain header data lengths. An attacker inside a guest could possibly use this issue to leak sensitive information from the host. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2020-29129, CVE-2020-29130)

 It was discovered that libslirp incorrectly handled certain udp packets. An attacker inside a guest could possibly use this issue to leak sensitive information from the host. (CVE-2021-3592, CVE-2021-3593, CVE-2021-3594, CVE-2021-3595)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.10:
  libslirp0 4.4.0-1ubuntu0.21.10.1

After a standard system update you need to reboot your computer to make all the necessary changes.

References:

  https://ubuntu.com/security/notices/USN-5009-2
  https://ubuntu.com/security/notices/USN-5009-1
  CVE-2021-3592, CVE-2021-3593, CVE-2021-3594, CVE-2021-3595

Package Information:

  https://launchpad.net/ubuntu/+source/libslirp/4.4.0-1ubuntu0.21.10.1

Multiple bugs resolved in libslirp for Ubuntu 21.10 targeting information breaches stemming from inadequate header management.
Ubuntu Security Notice, Libslirp Fix, Information Leak Threat.
Severity: Critical.
LinuxSecurity.com Team
MGASA-2021-0480 - Updated libslirp packages fix security vulnerability

Publication date: 20 Oct 2021
URL: https://advisories.mageia.org/MGASA-2021-0480.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-3592, CVE-2021-3593, CVE-2021-3594, CVE-2021-3595

Invalid pointer initialization issues were found in the SLiRP networking implementation of QEMU.

In the bootp_input() function while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. (CVE-2021-3592)

In the udp6_input() function while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. (CVE-2021-3593)

In the udp_input() function while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. (CVE-2021-3594)

In the tftp_input() function while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. (CVE-2021-3595)

References:

- https://bugs.mageia.org/show_bug.cgi?id=29219
- https://lists.fedoraproject.org/archives/list/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202107-44
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low
    Title: libslirp: Multiple vulnerabilities
     Date: July 20, 2021
     Bugs: #796347
       ID: 202107-44

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in libslirp, the worst of which could result in a Denial of Service condition.

Background
==========

libslirp is a TCP/IP emulator used to provide virtual networking services.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-libs/libslirp            < 4.6.0                     >= 4.6.0

Description
===========

Multiple vulnerabilities have been discovered in libslirp. Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libslirp users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/libslirp-4.6.0"

References
==========

[ 1 ] CVE-2021-3592
      https://nvd.nist.gov/vuln/detail/CVE-2021-3592
[ 2 ] CVE-2021-3593
      https://nvd.nist.gov/vuln/detail/CVE-2021-3593
[ 3 ] CVE-2021-3594
      https://nvd.nist.gov/vuln/detail/CVE-2021-3594
[ 4 ] CVE-2021-3595
      https://nvd.nist.gov/vuln/detail/CVE-2021-3595

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/202107-44

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to