diff options
author | Marc-André Lureau | 2020-11-27 17:57:07 +0100 |
---|---|---|
committer | Marc-André Lureau | 2020-11-27 17:57:11 +0100 |
commit | 37c0c885d19a4c2d69faed891b5c02aaffbdccfb (patch) | |
tree | dbc063a4ec7f1f4636dd807629de6d5157569b57 | |
parent | Merge remote-tracking branch 'remotes/kraxel/tags/fixes-20201127-pull-request... (diff) | |
download | qemu-37c0c885d19a4c2d69faed891b5c02aaffbdccfb.tar.gz qemu-37c0c885d19a4c2d69faed891b5c02aaffbdccfb.tar.xz qemu-37c0c885d19a4c2d69faed891b5c02aaffbdccfb.zip |
slirp: update to fix CVE-2020-29129 CVE-2020-29130
An out-of-bounds access issue was found in the SLIRP user networking
implementation of QEMU. It could occur while processing ARP/NCSI
packets, if the packet length was shorter than required to accommodate
respective protocol headers and payload. A privileged guest user may use
this flaw to potentially leak host information bytes.
Marc-André Lureau (1):
Merge branch 'stable-4.2' into 'stable-4.2'
Prasad J Pandit (1):
slirp: check pkt_len before reading protocol header
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
m--------- | slirp | 0 |
1 files changed, 0 insertions, 0 deletions
diff --git a/slirp b/slirp -Subproject ce94eba2042d52a0ba3d9e252ebce86715e9427 +Subproject 8f43a99191afb47ca3f3c6972f6306209f367ec |