[PULL 1/1] slirp: update to fix CVE-2020-29129 CVE-2020-29130

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PULL 1/1] slirp: update to fix CVE-2020-29129 CVE-2020-29130

From:	marcandre . lureau
Subject:	[PULL 1/1] slirp: update to fix CVE-2020-29129 CVE-2020-29130
Date:	Fri, 27 Nov 2020 21:08:36 +0400

From: Marc-André Lureau <marcandre.lureau@redhat.com>

An out-of-bounds access issue was found in the SLIRP user networking
implementation of QEMU. It could occur while processing ARP/NCSI
packets, if the packet length was shorter than required to accommodate
respective protocol headers and payload. A privileged guest user may use
this flaw to potentially leak host information bytes.

Marc-André Lureau (1):
      Merge branch 'stable-4.2' into 'stable-4.2'

Prasad J Pandit (1):
      slirp: check pkt_len before reading protocol header

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 slirp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/slirp b/slirp
index ce94eba204..8f43a99191 160000
--- a/slirp
+++ b/slirp
@@ -1 +1 @@
-Subproject commit ce94eba2042d52a0ba3d9e252ebce86715e94275
+Subproject commit 8f43a99191afb47ca3f3c6972f6306209f367ece
-- 
2.29.0

[Prev in Thread]

Current Thread

[Next in Thread]

[PULL 0/1] Libslirp CVE-2020-29129 CVE-2020-29130, marcandre . lureau, 2020/11/27
- [PULL 1/1] slirp: update to fix CVE-2020-29129 CVE-2020-29130, marcandre . lureau <=
- Re: [PULL 0/1] Libslirp CVE-2020-29129 CVE-2020-29130, Peter Maydell, 2020/11/27

Prev by Date: [PULL 0/1] Libslirp CVE-2020-29129 CVE-2020-29130
Next by Date: Re: [PATCH 8/8] hw/arm/virt: Disable highmem when on hypervisor.framework
Previous by thread: [PULL 0/1] Libslirp CVE-2020-29129 CVE-2020-29130
Next by thread: Re: [PULL 0/1] Libslirp CVE-2020-29129 CVE-2020-29130
Index(es):
- Date
- Thread