Bug 718954 (CVE-2020-1983) - <net-libs/libslirp-4.3.0, <app-emulation/slirp4netns-1.0.0: Use after free in ip_reass() (CVE-2020-1983)
Status: RESOLVED FIXED
Alias: CVE-2020-1983
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: https://gitlab.freedesktop.org/slirp/...
Whiteboard: ~3 [cve]
Reported: 2020-04-23 02:15 UTC by Sam James
Modified: 2020-04-24 02:10 UTC
Runtime testing required: ---


Description Sam James archtester gentoo-dev Security 2020-04-23 02:15:22 UTC
Patch: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/9ac0371bb8c0a40f5d9f82a1c25129660e81df04

Release will be made soon, hasn't been done yet.
Comment 1 Larry the Git Cow gentoo-dev 2020-04-24 01:56:31 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1f956a6617c77ab833527fbdc15f34907d2bb0db

commit 1f956a6617c77ab833527fbdc15f34907d2bb0db
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2020-04-24 01:55:39 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2020-04-24 01:55:58 +0000

    net-libs/libslirp: Remove vulnerable version 4.2.0
    
    Bug: https://bugs.gentoo.org/718954
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 net-libs/libslirp/Manifest              |  1 -
 net-libs/libslirp/libslirp-4.2.0.ebuild | 21 ---------------------
 2 files changed, 22 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a7957a94663a457c5373d09a4e67b4a5b140a93f

commit a7957a94663a457c5373d09a4e67b4a5b140a93f
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2020-04-24 01:53:30 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2020-04-24 01:55:10 +0000

    net-libs/libslirp: Bump to version 4.3.0
    
    Bug: https://bugs.gentoo.org/718954
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 net-libs/libslirp/Manifest              |  1 +
 net-libs/libslirp/libslirp-4.3.0.ebuild | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+)
Comment 2 Sam James archtester gentoo-dev Security 2020-04-24 01:57:37 UTC
All done. Thanks!
Comment 3 Larry the Git Cow gentoo-dev 2020-04-24 02:07:53 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bad66a4dea0f7ad7b94f74441242cbbc440ab824

commit bad66a4dea0f7ad7b94f74441242cbbc440ab824
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2020-04-24 02:04:56 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2020-04-24 02:05:07 +0000

    app-emulation/slirp4netns: Remove vulnerable version 0.4.3
    
    Bug: https://bugs.gentoo.org/718954
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-emulation/slirp4netns/Manifest                 |  1 -
 app-emulation/slirp4netns/slirp4netns-0.4.3.ebuild | 36 ----------------------
 2 files changed, 37 deletions(-)