[Git][security-tracker-team/security-tracker][master] Add additional references for slirp4netns/libslirp issues

Salvatore Bonaccorso carnil at debian.org
Wed Mar 24 19:06:50 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b30c5ae9 by Salvatore Bonaccorso at 2021-03-24T20:05:57+01:00
Add additional references for slirp4netns/libslirp issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -26410,6 +26410,7 @@ CVE-2020-29130 (slirp.c in libslirp through 4.3.1 has a buffer over-read because
 	[buster] - qemu <postponed> (Fix along in future DSA)
 	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f (v4.4.0)
 	NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
+	NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-2j37-w439-87q3
 CVE-2020-29129 (ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tri ...)
 	- libslirp 4.4.0-1
 	- qemu 1:4.1-2
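
Review bot: The NOTE added at the end of the CVE-2020-29130 entry is a bare slirp4netns advisory URL, while the libslirp commit reference two lines above it carries a version annotation, (v4.4.0). The visible lines of this entry record status for qemu only, so consider annotating the new line with the slirp4netns release the advisory lists as fixed; a reader can then tell why a slirp4netns advisory is attached here without following the link. The same advisory ID is added under CVE-2020-29129 in the next hunk, which is consistent with both entries pointing at the same libslirp fix commit.
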
@@ -26418,6 +26419,7 @@ CVE-2020-29129 (ncsi.c in libslirp through 4.3.1 has a buffer over-read because
 	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f (v4.4.0)
 	NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
 	NOTE: NC-SI introduced in: https://git.qemu.org/?p=qemu.git;a=commit;h=47bb83cad45eb7ce194a8ffd18f73c98edb46aec (QEMU v2.10)
+	NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-2j37-w439-87q3
 CVE-2020-29128 (petl before 1.68, in some configurations, allows resolution of entitie ...)
 	NOT-FOR-US: petl
 CVE-2020-29127 (An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices th ...)
@@ -73871,6 +73873,7 @@ CVE-2020-10756 (An out-of-bounds read vulnerability was found in the SLiRP netwo
 	NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
 	NOTE: slirp4netns 1.0.1-1 switched to system libslirp, marking that version as fixed.
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1835986#c11
+	NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-96c5-v27g-58vf
 CVE-2020-10755 (An insecure-credentials flaw was found in all openstack-cinder version ...)
 	- cinder 2:16.1.0-1 (low)
 	[buster] - cinder <no-dsa> (Minor issue)
@@ -79234,6 +79237,7 @@ CVE-2020-8608 (In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snpr
 	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/30648c03b27fb8d9611b723184216cd3174b6775
 	NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
 	NOTE: slirp4netns 1.0.1-1 switched to system libslirp, marking that version as fixed.
+	NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-p3hx-89v2-4r99
 CVE-2020-8607 (An input validation vulnerability found in multiple Trend Micro produc ...)
 	NOT-FOR-US: Trend Micro
 CVE-2020-8606 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...)
@@ -83190,6 +83194,7 @@ CVE-2020-7039 (tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, m
 	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9
 	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80
 	NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
+	NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-vjwg-42w7-w64h
 CVE-2020-7038
 	RESERVED
 CVE-2020-7037
@@ -96712,6 +96717,7 @@ CVE-2020-1983 (A use after free vulnerability in ip_reass() in ip_input.c of lib
 	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/9bd6c5913271eabcb7768a58197ed3301fe19f2d
 	NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed
 	NOTE: slirp4netns 1.0.1-1 switched to system libslirp, marking that version as fixed.
+	NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-p3hx-89v2-4r99
 CVE-2020-1982 (Certain communication between PAN-OS and cloud-delivered services inad ...)
 	NOT-FOR-US: PAN-OS
 CVE-2020-1981 (A predictable temporary filename vulnerability in PAN-OS allows local  ...)
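
Review bot: The advisory added under CVE-2020-1983, GHSA-p3hx-89v2-4r99, is the same ID that this patch adds under CVE-2020-8608, yet the two entries describe different bugs (ip_reass() in ip_input.c here, tcp_subr.c there) with different libslirp fix commits. Please confirm that the advisory covers both CVEs; if the ID was carried over by copy and paste, replace it with the advisory for the ip_reass() use after free.
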
@@ -111114,6 +111120,7 @@ CVE-2019-15890 (libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in i
 	NOTE: https://www.openwall.com/lists/oss-security/2019/09/06/3
 	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/c59279437eda91841b9d26079c70b8a540d41204
 	NOTE: 1:4.1-2 switched to system libslirp, marking that version as fixed
+	NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-jx98-2j5v-w265
 CVE-2019-15889 (The download-manager plugin before 2.9.94 for WordPress has XSS via th ...)
 	NOT-FOR-US: download-manager plugin for WordPress
 CVE-2019-15888
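
Review bot: The context line just above the added NOTE in CVE-2019-15890 reads "1:4.1-2 switched to system libslirp" without a package name, whereas the other entries touched by this patch write "qemu 1:4.1-2". With a slirp4netns advisory now directly beneath it, the version is easy to misattribute; suggest correcting that line to name qemu in the same commit.
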
@@ -116669,6 +116676,7 @@ CVE-2019-14378 (ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer
 	- slirp4netns 0.3.2-1 (bug #933742)
 	[buster] - slirp4netns 0.2.3-1
 	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210
+	NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-gjwp-vf65-3jqf
 CVE-2018-20870 (The WebDAV transport feature in cPanel before 76.0.8 enables debug log ...)
 	NOT-FOR-US: cPanel
 CVE-2018-20869 (cPanel before 76.0.8 allows arbitrary code execution in the context of ...)
@@ -131339,6 +131347,7 @@ CVE-2019-9824 (tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg01871.html
 	NOTE: https://www.openwall.com/lists/oss-security/2019/03/18/1
 	NOTE: https://github.com/qemu/qemu/commit/d3222975c7d6cda9e25809dea05241188457b113
+	NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-vp7q-v36g-7vq7
 CVE-2019-9823 (In several JetBrains IntelliJ IDEA versions, creating remote run confi ...)
 	- intellij-idea <itp> (bug #747616)
 CVE-2019-9822
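
Review bot: In CVE-2019-9824 the added slirp4netns advisory follows references to qemu-devel, oss-security and a qemu commit, and no slirp4netns package line is visible in the context, unlike CVE-2019-6778 in the next hunk, which shows "- slirp4netns 0.2.1-1". If the entry has no slirp4netns status line above the shown context, add one along with this reference so the advisory link matches the packages tracked for the CVE.
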
@@ -139634,6 +139643,7 @@ CVE-2019-6778 (In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffe
 	- slirp4netns 0.2.1-1
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg03132.html
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=a7104eda7dab99d0cdbd3595c211864cba415905
+	NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-j2r5-xwp8-m8m9
 CVE-2019-6777 (An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in ...)
 	- zoneminder 1.32.3-2 (bug #920375)
 	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2436



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b30c5ae9d03e3d2370716d09b2f334229dcd218c
