
Bug 796347 (CVE-2021-3592, CVE-2021-3593, CVE-2021-3594, CVE-2021-3595)

Summary: <net-libs/libslirp-4.6.0: Multiple vulnerabilities (CVE-2021-{3592,3593,3594,3595})
Product: Gentoo Security
Reporter: Sam James <sam>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: zmedico
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa+ cve]
Package list:
net-libs/libslirp-4.6.1
Runtime testing required: ---
Bug Depends on: 796737    
Bug Blocks:    

Description Sam James archtester gentoo-dev Security 2021-06-16 13:36:25 UTC
* CVE-2021-3592

Description:
"An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0."

* CVE-2021-3593

Description:
"An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0."

* CVE-2021-3594

Description:
"An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0."

* CVE-2021-3595

Description:
"An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0."
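The bug class the four CVE descriptions above share, as an added illustration that is not libslirp's code and not part of the original report: a handler has to confirm the datagram is at least as long as the structure it overlays before reading any field. The names `demo_udphdr`, `parse_udp_checked` and the sample packets are hypothetical and constructed; the block also validates the header's own length field, which goes one step beyond the cases the descriptions name.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical 8-byte UDP header; fields are big-endian on the wire. */
struct demo_udphdr { uint16_t sport, dport, ulen, csum; };
enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_BAD_LENGTH = -2 };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/*
 * Unsafe pattern, shown only as a comment: overlaying the struct first,
 *     const struct demo_udphdr *uh = (const void *)buf;
 *     use(uh->ulen);
 * reads past buf whenever len < sizeof(*uh), so a short datagram
 * exposes whatever memory happens to follow the buffer.
 */

/* Hardened form: validate the received length before touching any field. */
int parse_udp_checked(const uint8_t *buf, size_t len, struct demo_udphdr *out)
{
    if (buf == NULL || out == NULL || len < sizeof(struct demo_udphdr))
        return PARSE_TRUNCATED;            /* shorter than the header itself */
    out->sport = be16(buf);
    out->dport = be16(buf + 2);
    out->ulen  = be16(buf + 4);
    out->csum  = be16(buf + 6);

    /* The declared length must cover the header and fit in what arrived. */
    size_t ulen = out->ulen;
    if (ulen < sizeof(struct demo_udphdr) || ulen > len)
        return PARSE_BAD_LENGTH;
    return PARSE_OK;
}

/* Constructed sample datagrams: truncated, well-formed, and over-declared. */
static const uint8_t short_pkt[] = { 0x00, 0x44, 0x00, 0x43 };
static const uint8_t good_pkt[]  = { 0x00, 0x44, 0x00, 0x43, 0x00, 0x0a, 0x00, 0x00, 'h', 'i' };
static const uint8_t lying_pkt[] = { 0x00, 0x44, 0x00, 0x43, 0x01, 0x00, 0x00, 0x00 };

int main(void)
{
    struct demo_udphdr h;
    printf("short: %d\n", parse_udp_checked(short_pkt, sizeof short_pkt, &h));
    printf("good:  %d\n", parse_udp_checked(good_pkt, sizeof good_pkt, &h));
    printf("lying: %d\n", parse_udp_checked(lying_pkt, sizeof lying_pkt, &h));
    return 0;
}
```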
Comment 1 Sam James archtester gentoo-dev Security 2021-06-16 13:37:30 UTC
Please bump to >= 4.6.0.
Comment 2 Larry the Git Cow gentoo-dev 2021-06-16 15:07:29 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2eeab759791900721e086f63a3765bf9a46f5909

commit 2eeab759791900721e086f63a3765bf9a46f5909
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2021-06-16 15:04:08 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2021-06-16 15:06:25 +0000

    net-libs/libslirp: Bump to version 4.6.0
    
    Bug: https://bugs.gentoo.org/796347
    Package-Manager: Portage-3.0.20, Repoman-3.0.3
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 net-libs/libslirp/Manifest              |  1 +
 net-libs/libslirp/libslirp-4.6.0.ebuild | 35 +++++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)
Comment 3 Sam James archtester gentoo-dev Security 2021-06-16 15:14:09 UTC
Thanks! Tell us when ready to stable.
Comment 4 Zac Medico gentoo-dev 2021-06-17 19:25:58 UTC
Let's go ahead and stabilize it.
Comment 5 Agostino Sarubbo gentoo-dev 2021-06-18 06:27:23 UTC
amd64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2021-06-18 06:29:12 UTC
ppc64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2021-06-18 06:30:22 UTC
x86 stable
Comment 8 Sam James archtester gentoo-dev Security 2021-06-18 22:37:36 UTC
arm64 done

all arches done
Comment 9 Larry the Git Cow gentoo-dev 2021-06-19 15:37:06 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3b2bfdfd9ec92eeedc83c5c22b0c29c43dc0c550

commit 3b2bfdfd9ec92eeedc83c5c22b0c29c43dc0c550
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2021-06-19 15:35:29 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2021-06-19 15:37:01 +0000

    net-libs/libslirp: Remove vulnerable version
    
    Bug: https://bugs.gentoo.org/796347
    Package-Manager: Portage-3.0.20, Repoman-3.0.3
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 net-libs/libslirp/Manifest                 |  1 -
 net-libs/libslirp/libslirp-4.3.1-r1.ebuild | 39 ------------------------------
 2 files changed, 40 deletions(-)
Comment 10 NATTkA bot gentoo-dev 2021-06-19 16:04:23 UTC
Unable to check for sanity:

> no match for package: net-libs/libslirp-4.6.0
Comment 11 John Helmert III gentoo-dev Security 2021-06-19 16:06:27 UTC
Thank you!
Comment 12 John Helmert III gentoo-dev Security 2021-07-10 00:29:07 UTC
GLSA request filed.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2021-07-20 04:16:15 UTC
This issue was resolved and addressed in
 GLSA 202107-44 at https://security.gentoo.org/glsa/202107-44
by GLSA coordinator John Helmert III (ajak).