Debian Bug report logs -
#949084
libslirp: CVE-2020-7039
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 16 Jan 2020 19:51:01 UTC
Severity: grave
Tags: security, upstream
Found in version libslirp/4.1.0-1
Fixed in version libslirp/4.1.0-2
Done: Michael Tokarev <mjt@tls.msk.ru>
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#949084; Package src:libslirp.
(Thu, 16 Jan 2020 19:51:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>.
(Thu, 16 Jan 2020 19:51:03 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: libslirp
Version: 4.1.0-1
Severity: grave
Tags: security upstream
Justification: user security hole
Hi,
The following vulnerability was published for libslirp.
CVE-2020-7039[0]:
| OOB buffer access while emulating tcp protocols in tcp_emu()
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-7039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7039
[1] https://www.openwall.com/lists/oss-security/2020/01/16/2
[2] https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289
https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9
https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80
Regards,
Salvatore
Bug 949084 cloned as bug 949085
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Thu, 16 Jan 2020 20:03:01 GMT) (full text, mbox, link).
Reply sent
to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility.
(Fri, 17 Jan 2020 11:57:13 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer.
(Fri, 17 Jan 2020 11:57:13 GMT) (full text, mbox, link).
Message #12 received at 949084-close@bugs.debian.org (full text, mbox, reply):
Source: libslirp
Source-Version: 4.1.0-2
We believe that the bug you reported is fixed in the latest version of
libslirp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 949084@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated libslirp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 17 Jan 2020 14:24:00 +0300
Source: libslirp
Architecture: source
Version: 4.1.0-2
Distribution: unstable
Urgency: high
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Closes: 949084
Changes:
libslirp (4.1.0-2) unstable; urgency=high
.
* Closes: #949084, CVE-2020-7039:
OOB buffer access while emulating tcp protocols in tcp_emu()
This includes 3 patches:
tcp_emu-fix-OOB-access-CVE-2020-7039.patch
slirp-use-correct-size-while-emulating-commands-CVE-2020-7039.patch
slirp-use-correct-size-while-emulating-IRC-commands-CVE-2020-7039.patch
Checksums-Sha1:
8b2a475ecfa7ce890c44574c28b293f5671fb38c 1673 libslirp_4.1.0-2.dsc
ca5b046c396a32d78a6ab15742be781e409ef229 5132 libslirp_4.1.0-2.debian.tar.xz
ab99757b31b2a76fa3b692631c45b9012bc8c2dd 6285 libslirp_4.1.0-2_source.buildinfo
Checksums-Sha256:
288303e048204581e4143fc01eea90a376917244e6201266a6a928ca2201387a 1673 libslirp_4.1.0-2.dsc
48bb87c4ef08554c0b21e68f6f388dcf1108477572f9b95c58e8c4e99642c3ad 5132 libslirp_4.1.0-2.debian.tar.xz
628ef027c0e3e78e6c1062aba87407a224715f8e65b41daf33826dcd1646510a 6285 libslirp_4.1.0-2_source.buildinfo
Files:
1998d87125a53b34358b2a2f2c70993c 1673 net optional libslirp_4.1.0-2.dsc
7094963c24d7319c5bf6b4846ca40eb8 5132 net optional libslirp_4.1.0-2.debian.tar.xz
c6e1bb5c39214759d5888d7f79999ec0 6285 net optional libslirp_4.1.0-2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQFDBAEBCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAl4hmjIPHG1qdEB0bHMu
bXNrLnJ1AAoJEHAbT2saaT5ZjHUIAK9A2sw2RTOtCcYobG9AYsYJ0ySdKqVk11Kc
xxkBIoAR95W2BP01GGB27QmAfQ4owt6NaeB7/F2j0izY9cd+HBY7LrbUEBNm/Gy+
WHr/e4nKRhTL1MIUnKcbF2CiNC45BWAr2VA+C9lTvbkh4/d0xmc6DQPzsw7F4DoN
U2uqqFNPJ+yKxd/QroiHIluVTFcRrElWssS0BdCbHGq3UnFXAWQHowfoEPQ1/ZEM
pR6wo8sKwRwqb8PuygW1wf5Kr1mu+I49Ymhs3eRuds1StJ5BG057PEEYn1V00nyp
ODWczSna1PWWqdt9N1tNlbxGI2V9KqqWEsrtuXYXAh/TkH027rw=
=pb/e
-----END PGP SIGNATURE-----
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Fri Jan 24 08:05:40 2020;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon