Updated libslirp packages fix security vulnerability
Publication date: 20 Oct 2021Modification date: 20 Oct 2021
Type: security
Affected Mageia releases : 8
CVE: CVE-2021-3592 , CVE-2021-3593 , CVE-2021-3594 , CVE-2021-3595
Description
Invalid pointer initialization issues were found in the SLiRP networking implementation of QEMU. In the bootp_input() function while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. (CVE-2021-3592) In the udp6_input() function while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. (CVE-2021-3593) In the udp_input() function while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. (CVE-2021-3594) In the tftp_input() function while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. (CVE-2021-3595)
References
- https://bugs.mageia.org/show_bug.cgi?id=29219
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3592
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3593
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3594
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3595
SRPMS
8/core
- libslirp-4.4.0-1.1.mga8