qemu-commits
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-commits] [qemu/qemu] 37c0c8: slirp: update to fix CVE-2020-29129 C


From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] 37c0c8: slirp: update to fix CVE-2020-29129 CVE-2020-29130
Date: Fri, 27 Nov 2020 09:38:22 -0800

  Branch: refs/heads/staging
  Home:   https://github.com/qemu/qemu
  Commit: 37c0c885d19a4c2d69faed891b5c02aaffbdccfb
      
https://github.com/qemu/qemu/commit/37c0c885d19a4c2d69faed891b5c02aaffbdccfb
  Author: Marc-André Lureau <marcandre.lureau@redhat.com>
  Date:   2020-11-27 (Fri, 27 Nov 2020)

  Changed paths:
    M slirp

  Log Message:
  -----------
  slirp: update to fix CVE-2020-29129 CVE-2020-29130

An out-of-bounds access issue was found in the SLIRP user networking
implementation of QEMU. It could occur while processing ARP/NCSI
packets, if the packet length was shorter than required to accommodate
respective protocol headers and payload. A privileged guest user may use
this flaw to potentially leak host information bytes.

Marc-André Lureau (1):
      Merge branch 'stable-4.2' into 'stable-4.2'

Prasad J Pandit (1):
      slirp: check pkt_len before reading protocol header

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>


  Commit: 944fdc5e27a5b5adbb765891e8e70e88ba9a00ec
      
https://github.com/qemu/qemu/commit/944fdc5e27a5b5adbb765891e8e70e88ba9a00ec
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2020-11-27 (Fri, 27 Nov 2020)

  Changed paths:
    M slirp

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/elmarco/tags/libslirp-pull-request' 
into staging

# gpg: Signature made Fri 27 Nov 2020 17:06:28 GMT
# gpg:                using RSA key 87A9BD933F87C606D276F62DDAE8E10975969CE5
# gpg:                issuer "marcandre.lureau@redhat.com"
# gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" 
[full]
# gpg:                 aka "Marc-André Lureau <marcandre.lureau@gmail.com>" 
[full]
# Primary key fingerprint: 87A9 BD93 3F87 C606 D276  F62D DAE8 E109 7596 9CE5

* remotes/elmarco/tags/libslirp-pull-request:
  slirp: update to fix CVE-2020-29129 CVE-2020-29130

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


Compare: https://github.com/qemu/qemu/compare/ea8208249d10...944fdc5e27a5



reply via email to

[Prev in Thread] Current Thread [Next in Thread]