drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in libslirp
Name: |
Mehrere Probleme in libslirp |
|
ID: |
USN-5009-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 20.04 LTS, Ubuntu 20.10, Ubuntu 21.04 |
|
Datum: |
Fr, 16. Juli 2021, 06:45 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3592
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3595
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3593
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29129
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29130
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3594 |
|
Applikationen: |
libslirp |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============5942724541544188770== Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="HENJXq3QhxkZSThkyYRGpCWpukHRFZx31"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --HENJXq3QhxkZSThkyYRGpCWpukHRFZx31 Content-Type: multipart/mixed; boundary="W77Yscxy1MKJSfu7EITr1L9zRWoB8rSSX"; protected-headers="v1" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com> Message-ID: <54b06b60-eb3c-f716-7b63-cb63ac2e001f@canonical.com> Subject: [USN-5009-1] libslirp vulnerabilities
--W77Yscxy1MKJSfu7EITr1L9zRWoB8rSSX Content-Type: text/plain; charset=utf-8 Content-Language: en-C Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-5009-1 July 15, 2021
libslirp vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.04 - Ubuntu 20.10 - Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in libslirp.
Software Description: - libslirp: General purpose TCP-IP emulator library
Details:
Qiuhao Li discovered that libslirp incorrectly handled certain header data lengths. An attacker inside a guest could possibly use this issue to leak sensitive information from the host. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2020-29129, CVE-2020-29130)
It was discovered that libslirp incorrectly handled certain udp packets. An attacker inside a guest could possibly use this issue to leak sensitive information from the host. (CVE-2021-3592, CVE-2021-3593, CVE-2021-3594, CVE-2021-3595)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.04: libslirp0 4.4.0-1ubuntu0.1
Ubuntu 20.10: libslirp0 4.3.1-1ubuntu0.1
Ubuntu 20.04 LTS: libslirp0 4.1.0-2ubuntu2.2
After a standard system update you need to reboot your computer to make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5009-1 CVE-2020-29129, CVE-2020-29130, CVE-2021-3592, CVE-2021-3593, CVE-2021-3594, CVE-2021-3595
Package Information: https://launchpad.net/ubuntu/+source/libslirp/4.4.0-1ubuntu0.1 https://launchpad.net/ubuntu/+source/libslirp/4.3.1-1ubuntu0.1 https://launchpad.net/ubuntu/+source/libslirp/4.1.0-2ubuntu2.2
--W77Yscxy1MKJSfu7EITr1L9zRWoB8rSSX--
--HENJXq3QhxkZSThkyYRGpCWpukHRFZx31 Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmDwhCMACgkQZWnYVadE vpMR0RAAqn3mMrCJuxJrLimMvEs8+cLVQgVQS6Xg7pvktmGqPjCUqPtLiQSHGcdf Er8r/U0nswiiPsLo78+vCeUzm+Mkzq/BKyBMtS/A1c+gOADWQ6PadycuI+WKGMqA BGCOjcfxdrZwDNEMBgE+oYGpupQgyalPOwYqELuw6n9hqOWP+0J4HFptOqdc70S3 sCalSthqdMFIqHCVs0pTaT9hA8nVz0frHp7KkErAjqWcQGeKvMaSOotUbZl9M9on 2Hu2xcrHHPaSIwOhGGYkm72g1Qm1NrUZBFTwyPHe/OOjnVm6QztIo+X/RagZf3Pz bP70u9uTsQFk+aXS/mdwYhl7J5hPNjLQt6Z0DgJZ6xE7ezTJ1ubUg8zrNfiACxG5 FVWn05V9nPKeB3LouUFE3XbV46tlJsQrqEztxVgiMwxLMdQpFNC8CYkA8NZBFi+O xZT1OrEYbYswtOlXBpvqTjbbWtZCagb4byHI1TZhGwFlA96YYWv+yvlJIpyS4BWZ V5vWwd8ZRDJEwC27WeHd9hfpiW69x0bf+dX8eXpassPKWYsmttwL+Ws8/3XGdnnU QMbpRLHqoq7pk4nr+6azlI11d8En0sOzUKVMNIs0gglRG2lGY6FMKi7x8h6+KsVL A9Bgmk6exhGG2q1SNUs6/49bo9Gf/oxhjbqYUYbBriA0s+Xbz0g= =xbTk -----END PGP SIGNATURE-----
--HENJXq3QhxkZSThkyYRGpCWpukHRFZx31--
--===============5942724541544188770== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============5942724541544188770==--
|
|
|
|