* CVE-2021-3592 Description: "An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0."

* CVE-2021-3593 Description: "An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0."

* CVE-2021-3594 Description: "An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0."

* CVE-2021-3595 Description: "An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0."

Please bump to >= 4.6.0.
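
The four CVE descriptions above share one bug class: a UDP handler interprets a packet as a fixed-size structure without first checking that the packet is at least that large. The following is an added example, not part of the bug report and not libslirp's code, showing the layered length checks that prevent it; `struct demo_msg`, `demo_udp_input` and the status names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define UDP_HDR_LEN 8u  /* source port, dest port, length, checksum */

/* Hypothetical fixed-size payload standing in for structures such as
 * 'bootp_t' or 'tftp_t'; this is not libslirp's real layout. */
struct demo_msg {
    uint8_t  op;
    uint8_t  htype;
    uint16_t flags;
    uint32_t xid;
    uint8_t  hwaddr[16];
};

enum demo_status { DEMO_OK = 0, DEMO_SHORT_UDP = -1, DEMO_BAD_LEN = -2, DEMO_SHORT_MSG = -3 };

/* Validate each layer's size before touching that layer's fields. */
enum demo_status demo_udp_input(const uint8_t *pkt, size_t len, struct demo_msg *out)
{
    if (len < UDP_HDR_LEN)
        return DEMO_SHORT_UDP;               /* header itself is truncated */

    /* UDP length field: bytes 4-5, network byte order, covers header + data. */
    size_t ulen = ((size_t)pkt[4] << 8) | pkt[5];
    if (ulen < UDP_HDR_LEN || ulen > len)
        return DEMO_BAD_LEN;                 /* claims more than was received */

    if (ulen - UDP_HDR_LEN < sizeof(*out))
        return DEMO_SHORT_MSG;               /* payload smaller than the struct */

    /* memcpy copies only bytes proven present and avoids unaligned reads. */
    memcpy(out, pkt + UDP_HDR_LEN, sizeof(*out));
    return DEMO_OK;
}

int main(void)
{
    /* Constructed sample: 8-byte UDP header + 24-byte payload. */
    uint8_t pkt[UDP_HDR_LEN + sizeof(struct demo_msg)] = {0};
    struct demo_msg m;
    pkt[5] = (uint8_t)sizeof(pkt);           /* UDP length = 32 */
    pkt[UDP_HDR_LEN] = 1;                    /* op */
    return demo_udp_input(pkt, sizeof(pkt), &m) == DEMO_OK ? 0 : 1;
}
```
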
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2eeab759791900721e086f63a3765bf9a46f5909

commit 2eeab759791900721e086f63a3765bf9a46f5909
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2021-06-16 15:04:08 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2021-06-16 15:06:25 +0000

    net-libs/libslirp: Bump to version 4.6.0

    Bug: https://bugs.gentoo.org/796347
    Package-Manager: Portage-3.0.20, Repoman-3.0.3
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 net-libs/libslirp/Manifest              |  1 +
 net-libs/libslirp/libslirp-4.6.0.ebuild | 35 +++++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)
Thanks! Tell us when ready to stable.
Let's go ahead and stabilize it.
amd64 stable
ppc64 stable
x86 stable
arm64 done

all arches done
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3b2bfdfd9ec92eeedc83c5c22b0c29c43dc0c550

commit 3b2bfdfd9ec92eeedc83c5c22b0c29c43dc0c550
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2021-06-19 15:35:29 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2021-06-19 15:37:01 +0000

    net-libs/libslirp: Remove vunlnerable version

    Bug: https://bugs.gentoo.org/796347
    Package-Manager: Portage-3.0.20, Repoman-3.0.3
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 net-libs/libslirp/Manifest                 |  1 -
 net-libs/libslirp/libslirp-4.3.1-r1.ebuild | 39 ------------------------------
 2 files changed, 40 deletions(-)
Unable to check for sanity:

> no match for package: net-libs/libslirp-4.6.0
Thank you!
GLSA request filed.
This issue was resolved and addressed in GLSA 202107-44 at https://security.gentoo.org/glsa/202107-44 by GLSA coordinator John Helmert III (ajak).