tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages
memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a
heap-based buffer overflow or other out-of-bounds access which can lead to a
DoS or potentially execute arbitrary code.
This is probably already fixed, but wanted to file to make sure that we put a fix in place.
Maintainers please confirm.
Author: Matthias Maier <email@example.com>
Date: Fri Mar 13 13:21:03 2020 -0500
app-emulation/qemu: update slirp to current master
Package-Manager: Portage-2.3.93, Repoman-2.3.20
Signed-off-by: Matthias Maier <firstname.lastname@example.org>
@maintainer(s), please advise if ready for stabilisation, or call yourself.
(In reply to Sam James (sec padawan) from comment #3)
> @maintainer(s), please advise if ready for stabilisation, or call yourself.
This issue was resolved and addressed in
GLSA 202005-02 at https://security.gentoo.org/glsa/202005-02
by GLSA coordinator Thomas Deutschmann (whissi).