Publishing details
Changelog
libslirp (4.1.0-2ubuntu2.2) focal-security; urgency=medium
* SECURITY UPDATE: DoS via buffer overread
- debian/patches/CVE-2020-29129_30.patch: check pkt_len before reading
protocol header in src/ncsi.c, src/slirp.c.
- CVE-2020-29129
- CVE-2020-29130
* SECURITY UPDATE: data leak in bootp_input()
- debian/patches/CVE-2021-3592-1.patch: add mtod_check() to src/mbuf.*.
- debian/patches/CVE-2021-3592-2.patch: limit vendor-specific area to
input packet memory buffer in src/bootp.*, src/mbuf.*.
- debian/patches/CVE-2021-3592-3.patch: check bootp_input buffer size
in src/bootp.c.
- debian/patches/CVE-2021-3592-4.patch: fix regression in dhcp in
src/bootp.c.
- CVE-2021-3592
* SECURITY UPDATE: data leak in udp6_input()
- debian/patches/CVE-2021-3593.patch: check udp6_input buffer size in
src/udp6.c.
- CVE-2021-3593
* SECURITY UPDATE: data leak in udp_input()
- debian/patches/CVE-2021-3594.patch: check upd_input buffer size in
src/udp.c.
- CVE-2021-3594
* SECURITY UPDATE: data leak in tftp_input()
- debian/patches/CVE-2021-3595-1.patch: check tftp_input buffer size in
src/tftp.c.
- debian/patches/CVE-2021-3595-2.patch: introduce a header structure in
src/tftp.*.
- CVE-2021-3595
-- Marc Deslauriers <email address hidden> Mon, 21 Jun 2021 08:43:06 -0400
Builds
Built packages
-
libslirp-dev
General purpose TCP-IP emulator library (development files)
-
libslirp0
General purpose TCP-IP emulator library
-
libslirp0-dbgsym
debug symbols for libslirp0
Package files