Ubuntu
libslirp package

libslirp 4.1.0-2ubuntu2.2 source package in Ubuntu

Changelog

libslirp (4.1.0-2ubuntu2.2) focal-security; urgency=medium

  * SECURITY UPDATE: DoS via buffer overread
    - debian/patches/CVE-2020-29129_30.patch: check pkt_len before reading
      protocol header in src/ncsi.c, src/slirp.c.
    - CVE-2020-29129
    - CVE-2020-29130
  * SECURITY UPDATE: data leak in bootp_input()
    - debian/patches/CVE-2021-3592-1.patch: add mtod_check() to src/mbuf.*.
    - debian/patches/CVE-2021-3592-2.patch: limit vendor-specific area to
      input packet memory buffer in src/bootp.*, src/mbuf.*.
    - debian/patches/CVE-2021-3592-3.patch: check bootp_input buffer size
      in src/bootp.c.
    - debian/patches/CVE-2021-3592-4.patch: fix regression in dhcp in
      src/bootp.c.
    - CVE-2021-3592
  * SECURITY UPDATE: data leak in udp6_input()
    - debian/patches/CVE-2021-3593.patch: check udp6_input buffer size in
      src/udp6.c.
    - CVE-2021-3593
  * SECURITY UPDATE: data leak in udp_input()
    - debian/patches/CVE-2021-3594.patch: check upd_input buffer size in
      src/udp.c.
    - CVE-2021-3594
  * SECURITY UPDATE: data leak in tftp_input()
    - debian/patches/CVE-2021-3595-1.patch: check tftp_input buffer size in
      src/tftp.c.
    - debian/patches/CVE-2021-3595-2.patch: introduce a header structure in
      src/tftp.*.
    - CVE-2021-3595

 -- Marc Deslauriers <email address hidden>  Mon, 21 Jun 2021 08:43:06 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Focal
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
net
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Focal updates main misc
Focal security main misc

Downloads

File Size SHA-256 Checksum
libslirp_4.1.0.orig.tar.bz2 90.9 KiB f423c54c96eb3310bf9519abc8c9c11539801a14327b48b8f36acf407584bbd1
libslirp_4.1.0-2ubuntu2.2.debian.tar.xz 12.4 KiB 5b60e16245339766538eb36fec7dbce0c17f2ebabb07303425ca300e99428393
libslirp_4.1.0-2ubuntu2.2.dsc 2.1 KiB 7118552366ee590717ee34a128951ccc3f8cb5476c219fbb6cfe3df4a9db154d

View changes file

Binary packages built by this source

libslirp-dev: General purpose TCP-IP emulator library (development files)

 libslirp is a user-mode networking library used by virtual machines,
 containers or various tools.
 .
 This package contains the header files and other files
 needed to compile applications which uses libslirp.

libslirp0: General purpose TCP-IP emulator library

 libslirp is a user-mode networking library used by virtual machines,
 containers or various tools.
 .
 This package contains the library itself.

libslirp0-dbgsym: debug symbols for libslirp0