* [PULL 0/1] Libslirp CVE-2020-29129 CVE-2020-29130
@ 2020-11-27 17:08 marcandre.lureau
2020-11-27 17:08 ` [PULL 1/1] slirp: update to fix " marcandre.lureau
2020-11-27 18:52 ` [PULL 0/1] Libslirp " Peter Maydell
0 siblings, 2 replies; 3+ messages in thread
From: marcandre.lureau @ 2020-11-27 17:08 UTC (permalink / raw)
To: qemu-devel; +Cc: peter.maydell, Marc-André Lureau
From: Marc-André Lureau <marcandre.lureau@redhat.com>
The following changes since commit ea8208249d1082eae0444934efb3b59cd3183f05:
Merge remote-tracking branch 'remotes/kraxel/tags/fixes-20201127-pull-request' into staging (2020-11-27 11:11:43 +0000)
are available in the Git repository at:
git@github.com:elmarco/qemu.git tags/libslirp-pull-request
for you to fetch changes up to 37c0c885d19a4c2d69faed891b5c02aaffbdccfb:
slirp: update to fix CVE-2020-29129 CVE-2020-29130 (2020-11-27 20:57:11 +0400)
----------------------------------------------------------------
----------------------------------------------------------------
Marc-André Lureau (1):
slirp: update to fix CVE-2020-29129 CVE-2020-29130
slirp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--
2.29.0
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PULL 1/1] slirp: update to fix CVE-2020-29129 CVE-2020-29130
2020-11-27 17:08 [PULL 0/1] Libslirp CVE-2020-29129 CVE-2020-29130 marcandre.lureau
@ 2020-11-27 17:08 ` marcandre.lureau
2020-11-27 18:52 ` [PULL 0/1] Libslirp " Peter Maydell
1 sibling, 0 replies; 3+ messages in thread
From: marcandre.lureau @ 2020-11-27 17:08 UTC (permalink / raw)
To: qemu-devel; +Cc: peter.maydell, Marc-André Lureau
From: Marc-André Lureau <marcandre.lureau@redhat.com>
An out-of-bounds access issue was found in the SLIRP user networking
implementation of QEMU. It could occur while processing ARP/NCSI
packets, if the packet length was shorter than required to accommodate
respective protocol headers and payload. A privileged guest user may use
this flaw to potentially leak host information bytes.
Marc-André Lureau (1):
Merge branch 'stable-4.2' into 'stable-4.2'
Prasad J Pandit (1):
slirp: check pkt_len before reading protocol header
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
slirp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/slirp b/slirp
index ce94eba204..8f43a99191 160000
--- a/slirp
+++ b/slirp
@@ -1 +1 @@
-Subproject commit ce94eba2042d52a0ba3d9e252ebce86715e94275
+Subproject commit 8f43a99191afb47ca3f3c6972f6306209f367ece
--
2.29.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PULL 0/1] Libslirp CVE-2020-29129 CVE-2020-29130
2020-11-27 17:08 [PULL 0/1] Libslirp CVE-2020-29129 CVE-2020-29130 marcandre.lureau
2020-11-27 17:08 ` [PULL 1/1] slirp: update to fix " marcandre.lureau
@ 2020-11-27 18:52 ` Peter Maydell
1 sibling, 0 replies; 3+ messages in thread
From: Peter Maydell @ 2020-11-27 18:52 UTC (permalink / raw)
To: Marc-André Lureau; +Cc: QEMU Developers
On Fri, 27 Nov 2020 at 17:08, <marcandre.lureau@redhat.com> wrote:
>
> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>
> The following changes since commit ea8208249d1082eae0444934efb3b59cd3183f05:
>
> Merge remote-tracking branch 'remotes/kraxel/tags/fixes-20201127-pull-request' into staging (2020-11-27 11:11:43 +0000)
>
> are available in the Git repository at:
>
> git@github.com:elmarco/qemu.git tags/libslirp-pull-request
>
> for you to fetch changes up to 37c0c885d19a4c2d69faed891b5c02aaffbdccfb:
>
> slirp: update to fix CVE-2020-29129 CVE-2020-29130 (2020-11-27 20:57:11 +0400)
>
> ----------------------------------------------------------------
>
> ----------------------------------------------------------------
>
> Marc-André Lureau (1):
> slirp: update to fix CVE-2020-29129 CVE-2020-29130
Applied, thanks.
Please update the changelog at https://wiki.qemu.org/ChangeLog/5.2
for any user-visible changes.
-- PMM
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-11-27 18:53 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-11-27 17:08 [PULL 0/1] Libslirp CVE-2020-29129 CVE-2020-29130 marcandre.lureau
2020-11-27 17:08 ` [PULL 1/1] slirp: update to fix " marcandre.lureau
2020-11-27 18:52 ` [PULL 0/1] Libslirp " Peter Maydell
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.