Debian Bug report logs - #949084
libslirp: CVE-2020-7039
Package: src:libslirp;
Maintainer for src:libslirp is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 16 Jan 2020 19:51:01 UTC
Severity: grave
Tags: security, upstream
Found in version ...
Several security issues were fixed in QEMU ...
Two security issues have been found in the SLiRP networking
implementation of QEMU, a fast processor emulator, which could result
in the execution of arbitrary code or denial of service.
For the oldstable distribution (stretch), these problems have been fixed
in version 1:2.8+dfsg-6+deb9u9.
For the stable distribution (buster), these problems have ...
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access, which can lead to a DoS or potentially to the execution of arbitrary code (CVE-2020-7039).
An out-of-bounds heap buffer access flaw was found in the way the iS ...
Synopsis
Important: qemu-kvm-rhev security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis
Important: container-tools:1.0 security update
Type/Severity
Security Advisory: Important
Topic
An update for the container-tools:1.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabilit ...
Synopsis
Important: container-tools:rhel8 security, bug fix, and enhancement update
Type/Severity
Security Advisory: Important
Topic
An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Im ...
Synopsis
Important: qemu-kvm-rhev bug fix update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm-rhev is now available for Red Hat Virtualization for Red Hat Virtualization Host 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerabilit ...
Synopsis
Important: qemu-kvm-ma security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability ...
Synopsis
Important: qemu-kvm-rhev security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis
Important: virt:rhel security update
Type/Severity
Security Advisory: Important
Topic
An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impac ...
Synopsis
Important: qemu-kvm security, bug fix, and enhancement update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Synopsis
Important: qemu-kvm security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Synopsis
Important: virt:8.1 security update
Type/Severity
Security Advisory: Important
Topic
An update for the virt:8.1 module is now available for Advanced Virtualization for RHEL 8.1.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis
Important: slirp4netns security update
Type/Severity
Security Advisory: Important
Topic
An update for slirp4netns is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CV ...
Synopsis
Important: qemu-kvm security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base scor ...
Synopsis
Important: qemu-kvm-rhev security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code (CVE-2020-8608).
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access ...
tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to information disclosure (CVE-2019-9824).
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other o ...
A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the tcp_emu() routine while emulating IRC and other protocols. An attacker could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential execution of arbitrary code with privileges of the ...