Arch Linux 811 Published by

A libslirp security update has been released for Arch Linux.



ASA-202106-49: libslirp: information disclosure


Arch Linux Security Advisory ASA-202106-49
=========================================
Severity: Medium
Date : 2021-06-22
CVE-ID : CVE-2021-3592 CVE-2021-3593 CVE-2021-3594 CVE-2021-3595
Package : libslirp
Type : information disclosure
Remote : No
Link :   https://security.archlinux.org/AVG-2073

Summary
======
The package libslirp before version 4.6.0-1 is vulnerable to
information disclosure.

Resolution
=========
Upgrade to 4.6.0-1.

# pacman -Syu "libslirp>=4.6.0-1"

The problems have been fixed upstream in version 4.6.0.

Workaround
=========
None.

Description
==========
- CVE-2021-3592 (information disclosure)

An invalid pointer initialization issue was found in the SLiRP
networking implementation of QEMU before version 4.6.0. The flaw exists
in the bootp_input() function and could occur while processing a UDP
packet that is smaller than the size of the 'bootp_t' structure. A
malicious guest could use this flaw to leak 10 bytes of uninitialized
heap memory from the host.

- CVE-2021-3593 (information disclosure)

An invalid pointer initialization issue was found in the SLiRP
networking implementation of QEMU before version 4.6.0. The flaw exists
in the udp6_input() function and could occur while processing a UDP
packet that is smaller than the size of the 'udphdr' structure. This
issue may lead to out-of-bounds read access or indirect host memory
disclosure to the guest.

- CVE-2021-3594 (information disclosure)

An invalid pointer initialization issue was found in the SLiRP
networking implementation of QEMU before version 4.6.0. The flaw exists
in the udp_input() function and could occur while processing a UDP
packet that is smaller than the size of the 'udphdr' structure. This
issue may lead to out-of-bounds read access or indirect host memory
disclosure to the guest.

- CVE-2021-3595 (information disclosure)

An invalid pointer initialization issue was found in the SLiRP
networking implementation of QEMU before version 4.6.0. The flaw exists
in the tftp_input() function and could occur while processing a UDP
packet that is smaller than the size of the 'tftp_t' structure. This
issue may lead to out-of-bounds read access or indirect host memory
disclosure to the guest.

Impact
=====
A malicious guest could disclose contents of the host's memory using
crafted UDP packets.

References
=========
  https://bugzilla.redhat.com/show_bug.cgi?id70484
  https://gitlab.freedesktop.org/slirp/libslirp/-/issues/44
  https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17
  https://gitlab.freedesktop.org/slirp/libslirp/-/commit/f13cad45b25d92760bb0ad67bec0300a4d7d5275
  https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2eca0838eee1da96204545e22cdaed860d9d7c6c
  https://bugzilla.redhat.com/show_bug.cgi?id70487
  https://gitlab.freedesktop.org/slirp/libslirp/-/issues/45
  https://gitlab.freedesktop.org/slirp/libslirp/-/commit/de71c15de66ba9350bf62c45b05f8fbff166517b
  https://bugzilla.redhat.com/show_bug.cgi?id70491
  https://gitlab.freedesktop.org/slirp/libslirp/-/issues/47
  https://gitlab.freedesktop.org/slirp/libslirp/-/commit/74572be49247c8c5feae7c6e0b50c4f569ca9824
  https://bugzilla.redhat.com/show_bug.cgi?id70489
  https://gitlab.freedesktop.org/slirp/libslirp/-/issues/46
  https://gitlab.freedesktop.org/slirp/libslirp/-/commit/3f17948137155f025f7809fdc38576d5d2451c3d
  https://gitlab.freedesktop.org/slirp/libslirp/-/commit/990163cf3ac86b7875559f49602c4d76f46f6f30
  https://security.archlinux.org/CVE-2021-3592
  https://security.archlinux.org/CVE-2021-3593
  https://security.archlinux.org/CVE-2021-3594
  https://security.archlinux.org/CVE-2021-3595