Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b30c5ae9 by Salvatore Bonaccorso at 2021-03-24T20:05:57+01:00
Add additional references for slirp4netns/libslirp issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -26410,6 +26410,7 @@ CVE-2020-29130 (slirp.c in libslirp through 4.3.1 has a 
buffer over-read because
        [buster] - qemu <postponed> (Fix along in future DSA)
        NOTE: 
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f
 (v4.4.0)
        NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as 
fixed.
+       NOTE: 
https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-2j37-w439-87q3
 CVE-2020-29129 (ncsi.c in libslirp through 4.3.1 has a buffer over-read 
because it tri ...)
        - libslirp 4.4.0-1
        - qemu 1:4.1-2
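Review bot: the NOTE added under CVE-2020-29130 is a bare advisory URL that does not say which slirp4netns release the advisory covers, whereas the libslirp commit NOTE just above it is tagged "(v4.4.0)". Consider a short version suffix in the same style so the entry can be triaged without following the link. The same GHSA-2j37-w439-87q3 link is also added under CVE-2020-29129 in the next hunk, which is consistent with both entries citing the same libslirp fix commit.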
@@ -26418,6 +26419,7 @@ CVE-2020-29129 (ncsi.c in libslirp through 4.3.1 has a 
buffer over-read because
        NOTE: 
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f
 (v4.4.0)
        NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as 
fixed.
        NOTE: NC-SI introduced in: 
https://git.qemu.org/?p=qemu.git;a=commit;h=47bb83cad45eb7ce194a8ffd18f73c98edb46aec
 (QEMU v2.10)
+       NOTE: 
https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-2j37-w439-87q3
 CVE-2020-29128 (petl before 1.68, in some configurations, allows resolution of 
entitie ...)
        NOT-FOR-US: petl
 CVE-2020-29127 (An issue was discovered on Fujitsu Eternus Storage DX200 S4 
devices th ...)
@@ -73871,6 +73873,7 @@ CVE-2020-10756 (An out-of-bounds read vulnerability was 
found in the SLiRP netwo
        NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as 
fixed.
        NOTE: slirp4netns 1.0.1-1 switched to system libslirp, marking that 
version as fixed.
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1835986#c11
+       NOTE: 
https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-96c5-v27g-58vf
 CVE-2020-10755 (An insecure-credentials flaw was found in all openstack-cinder 
version ...)
        - cinder 2:16.1.0-1 (low)
        [buster] - cinder <no-dsa> (Minor issue)
@@ -79234,6 +79237,7 @@ CVE-2020-8608 (In libslirp 4.1.0, as used in QEMU 
4.2.0, tcp_subr.c misuses snpr
        NOTE: 
https://gitlab.freedesktop.org/slirp/libslirp/commit/30648c03b27fb8d9611b723184216cd3174b6775
        NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as 
fixed.
        NOTE: slirp4netns 1.0.1-1 switched to system libslirp, marking that 
version as fixed.
+       NOTE: 
https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-p3hx-89v2-4r99
 CVE-2020-8607 (An input validation vulnerability found in multiple Trend Micro 
produc ...)
        NOT-FOR-US: Trend Micro
 CVE-2020-8606 (A vulnerability in Trend Micro InterScan Web Security Virtual 
Applianc ...)
@@ -83190,6 +83194,7 @@ CVE-2020-7039 (tcp_emu in tcp_subr.c in libslirp 4.1.0, 
as used in QEMU 4.2.0, m
        NOTE: 
https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9
        NOTE: 
https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80
        NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as 
fixed.
+       NOTE: 
https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-vjwg-42w7-w64h
 CVE-2020-7038
        RESERVED
 CVE-2020-7037
@@ -96712,6 +96717,7 @@ CVE-2020-1983 (A use after free vulnerability in 
ip_reass() in ip_input.c of lib
        NOTE: 
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/9bd6c5913271eabcb7768a58197ed3301fe19f2d
        NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as 
fixed
        NOTE: slirp4netns 1.0.1-1 switched to system libslirp, marking that 
version as fixed.
+       NOTE: 
https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-p3hx-89v2-4r99
 CVE-2020-1982 (Certain communication between PAN-OS and cloud-delivered 
services inad ...)
        NOT-FOR-US: PAN-OS
 CVE-2020-1981 (A predictable temporary filename vulnerability in PAN-OS allows 
local  ...)
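Review bot: the NOTE added under CVE-2020-1983 points at GHSA-p3hx-89v2-4r99, the same advisory ID this commit adds under CVE-2020-8608. The two entries describe different bugs (a use after free in ip_reass() in ip_input.c here, a tcp_subr.c issue there) and cite different libslirp fix commits, so please confirm that one advisory really covers both and that this is not a copy-paste of the wrong GHSA ID.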
@@ -111114,6 +111120,7 @@ CVE-2019-15890 (libslirp 4.0.0, as used in QEMU 
4.1.0, has a use-after-free in i
        NOTE: https://www.openwall.com/lists/oss-security/2019/09/06/3
        NOTE: 
https://gitlab.freedesktop.org/slirp/libslirp/commit/c59279437eda91841b9d26079c70b8a540d41204
        NOTE: 1:4.1-2 switched to system libslirp, marking that version as fixed
+       NOTE: 
https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-jx98-2j5v-w265
 CVE-2019-15889 (The download-manager plugin before 2.9.94 for WordPress has 
XSS via th ...)
        NOT-FOR-US: download-manager plugin for WordPress
 CVE-2019-15888
@@ -116669,6 +116676,7 @@ CVE-2019-14378 (ip_reass in ip_input.c in libslirp 
4.0.0 has a heap-based buffer
        - slirp4netns 0.3.2-1 (bug #933742)
        [buster] - slirp4netns 0.2.3-1
        NOTE: 
https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210
+       NOTE: 
https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-gjwp-vf65-3jqf
 CVE-2018-20870 (The WebDAV transport feature in cPanel before 76.0.8 enables 
debug log ...)
        NOT-FOR-US: cPanel
 CVE-2018-20869 (cPanel before 76.0.8 allows arbitrary code execution in the 
context of ...)
@@ -131339,6 +131347,7 @@ CVE-2019-9824 (tcp_emu in slirp/tcp_subr.c (aka 
slirp/src/tcp_subr.c) in QEMU 3.
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg01871.html
        NOTE: https://www.openwall.com/lists/oss-security/2019/03/18/1
        NOTE: 
https://github.com/qemu/qemu/commit/d3222975c7d6cda9e25809dea05241188457b113
+       NOTE: 
https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-vp7q-v36g-7vq7
 CVE-2019-9823 (In several JetBrains IntelliJ IDEA versions, creating remote 
run confi ...)
        - intellij-idea <itp> (bug #747616)
 CVE-2019-9822
@@ -139634,6 +139643,7 @@ CVE-2019-6778 (In QEMU 3.0.0, tcp_emu in 
slirp/tcp_subr.c has a heap-based buffe
        - slirp4netns 0.2.1-1
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg03132.html
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=a7104eda7dab99d0cdbd3595c211864cba415905
+       NOTE: 
https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-j2r5-xwp8-m8m9
 CVE-2019-6777 (An issue was discovered in ZoneMinder v1.32.3. Reflected XSS 
exists in ...)
        - zoneminder 1.32.3-2 (bug #920375)
        NOTE: https://github.com/ZoneMinder/zoneminder/issues/2436



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b30c5ae9d03e3d2370716d09b2f334229dcd218c
