Subject: [ASA-202012-7] libslirp: information disclosure Arch Linux Security Advisory ASA-202012-7 ========================================= Severity: Medium Date : 2020-12-05 CVE-ID : CVE-2020-29129 CVE-2020-29130 Package : libslirp Type : information disclosure Remote : No Link : https://security.archlinux.org/AVG-1305 Summary ======= The package libslirp before version 4.4.0-1 is vulnerable to information disclosure. Resolution ========== Upgrade to 4.4.0-1. # pacman -Syu "libslirp>=4.4.0-1" The problems have been fixed upstream in version 4.4.0. Workaround ========== None. Description =========== - CVE-2020-29129 (information disclosure) ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. A privileged guest user may use this flaw to potentially leak host information bytes. - CVE-2020-29130 (information disclosure) slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. A privileged guest user may use this flaw to potentially leak host information bytes. Impact ====== A privileged guest user may be able to access sensitive information from the host memory. References ========== https://www.openwall.com/lists/oss-security/2020/11/27/1 https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f https://git.qemu.org/?p=qemu.git;a=commitdiff;h=37c0c885d19a4c2d69faed891b5c02aaffbdccfb https://security.archlinux.org/CVE-2020-29129 https://security.archlinux.org/CVE-2020-29130