[Git][security-tracker-team/security-tracker][master] Add CVE-2020-10756/libslirp

Salvatore Bonaccorso carnil at debian.org
Sun Jun 7 08:08:27 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4039dbc8 by Salvatore Bonaccorso at 2020-06-07T09:05:20+02:00
Add CVE-2020-10756/libslirp

The issue consists in libslrip, while processing incoming ICMPv6 echo
requests, not validating the IPv6 payload length (ip->ip_pl) in the
icmp6_send_echoreply() function.

libslirp, qemu and slirp4netns have the problem, but src:slirp is not
added as the vulnerable code is not present. OTOH, qemu and slirp4netns
fortunately already switched to the system library in a more recent
update and so track the switching version instead as fixed (altough not
fully correct, as still unpatched source-wise).

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9048,8 +9048,17 @@ CVE-2020-10757
 	RESERVED
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/5bfea2d9b17f1034a68147a8b03b9789af5700f9
-CVE-2020-10756
+CVE-2020-10756 [lirp: networking out-of-bounds read information disclosure vulnerability]
 	RESERVED
+	- libslirp <unfixed>
+	- qemu 1:4.1-2
+	[buster] - qemu <postponed> (Minor issue)
+	[stretch] - qemu <postponed> (Minor issue)
+	- slirp4netns 1.0.1-1
+	[buster] - slirp4netns <no-dsa> (Minor issue)
+	NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
+	NOTE: slirp4netns 1.0.1-1 switched to system libslirp, marking that version as fixed.
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1835986#c11
 CVE-2020-10755
 	RESERVED
 	- cinder <unfixed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4039dbc8753b051f252be8382d1cad1bf53789d9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4039dbc8753b051f252be8382d1cad1bf53789d9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200607/0bbab969/attachment.html>

More information about the debian-security-tracker-commits mailing list