[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] 37c0c8: slirp: update to fix CVE-2020-29129 C
From: |
Peter Maydell |
Subject: |
[Qemu-commits] [qemu/qemu] 37c0c8: slirp: update to fix CVE-2020-29129 CVE-2020-29130 |
Date: |
Fri, 27 Nov 2020 09:38:22 -0800 |
Branch: refs/heads/staging
Home: https://github.com/qemu/qemu
Commit: 37c0c885d19a4c2d69faed891b5c02aaffbdccfb
https://github.com/qemu/qemu/commit/37c0c885d19a4c2d69faed891b5c02aaffbdccfb
Author: Marc-André Lureau <marcandre.lureau@redhat.com>
Date: 2020-11-27 (Fri, 27 Nov 2020)
Changed paths:
M slirp
Log Message:
-----------
slirp: update to fix CVE-2020-29129 CVE-2020-29130
An out-of-bounds access issue was found in the SLIRP user networking
implementation of QEMU. It could occur while processing ARP/NCSI
packets, if the packet length was shorter than required to accommodate
respective protocol headers and payload. A privileged guest user may use
this flaw to potentially leak host information bytes.
Marc-André Lureau (1):
Merge branch 'stable-4.2' into 'stable-4.2'
Prasad J Pandit (1):
slirp: check pkt_len before reading protocol header
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Commit: 944fdc5e27a5b5adbb765891e8e70e88ba9a00ec
https://github.com/qemu/qemu/commit/944fdc5e27a5b5adbb765891e8e70e88ba9a00ec
Author: Peter Maydell <peter.maydell@linaro.org>
Date: 2020-11-27 (Fri, 27 Nov 2020)
Changed paths:
M slirp
Log Message:
-----------
Merge remote-tracking branch 'remotes/elmarco/tags/libslirp-pull-request'
into staging
# gpg: Signature made Fri 27 Nov 2020 17:06:28 GMT
# gpg: using RSA key 87A9BD933F87C606D276F62DDAE8E10975969CE5
# gpg: issuer "marcandre.lureau@redhat.com"
# gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>"
[full]
# gpg: aka "Marc-André Lureau <marcandre.lureau@gmail.com>"
[full]
# Primary key fingerprint: 87A9 BD93 3F87 C606 D276 F62D DAE8 E109 7596 9CE5
* remotes/elmarco/tags/libslirp-pull-request:
slirp: update to fix CVE-2020-29129 CVE-2020-29130
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Compare: https://github.com/qemu/qemu/compare/ea8208249d10...944fdc5e27a5
- [Qemu-commits] [qemu/qemu] 37c0c8: slirp: update to fix CVE-2020-29129 CVE-2020-29130,
Peter Maydell <=