libslirp 4.3.1-1ubuntu0.1 source package in Ubuntu

Changelog

libslirp (4.3.1-1ubuntu0.1) groovy-security; urgency=medium

  * SECURITY UPDATE: DoS via buffer overread
    - debian/patches/CVE-2020-29129_30.patch: check pkt_len before reading
      protocol header in src/ncsi.c, src/slirp.c.
    - CVE-2020-29129
    - CVE-2020-29130
  * SECURITY UPDATE: data leak in bootp_input()
    - debian/patches/CVE-2021-3592-1.patch: add mtod_check() to src/mbuf.*.
    - debian/patches/CVE-2021-3592-2.patch: limit vendor-specific area to
      input packet memory buffer in src/bootp.*, src/mbuf.*.
    - debian/patches/CVE-2021-3592-3.patch: check bootp_input buffer size
      in src/bootp.c.
    - debian/patches/CVE-2021-3592-4.patch: fix regression in dhcp in
      src/bootp.c.
    - CVE-2021-3592
  * SECURITY UPDATE: data leak in udp6_input()
    - debian/patches/CVE-2021-3593.patch: check udp6_input buffer size in
      src/udp6.c.
    - CVE-2021-3593
  * SECURITY UPDATE: data leak in udp_input()
    - debian/patches/CVE-2021-3594.patch: check upd_input buffer size in
      src/udp.c.
    - CVE-2021-3594
  * SECURITY UPDATE: data leak in tftp_input()
    - debian/patches/CVE-2021-3595-1.patch: check tftp_input buffer size in
      src/tftp.c.
    - debian/patches/CVE-2021-3595-2.patch: introduce a header structure in
      src/tftp.*.
    - CVE-2021-3595

 -- Marc Deslauriers <email address hidden>  Mon, 21 Jun 2021 08:25:24 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Groovy
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
net
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Groovy updates main misc
Groovy security main misc

Downloads

File Size SHA-256 Checksum
libslirp_4.3.1.orig.tar.xz 96.7 KiB 388b4b08a8cc0996cc5155cb027a097dc1a7f2cfe84b1121496608ab5366cc48
libslirp_4.3.1-1ubuntu0.1.debian.tar.xz 8.9 KiB 536653ce5ee12fa8886a719bc1e3e4e03fbcf1a56ccb0976bb378db35b06e09b
libslirp_4.3.1-1ubuntu0.1.dsc 2.1 KiB 354774cafc983de1e5c79c787f3b373f8ed53bf63409f87403579be966522a8b

View changes file

Binary packages built by this source

libslirp-dev: General purpose TCP-IP emulator library (development files)

 libslirp is a user-mode networking library used by virtual machines,
 containers or various tools.
 .
 This package contains the header files and other files
 needed to compile applications which uses libslirp.

libslirp0: General purpose TCP-IP emulator library

 libslirp is a user-mode networking library used by virtual machines,
 containers or various tools.
 .
 This package contains the library itself.

libslirp0-dbgsym: debug symbols for libslirp0