slirp: update to fix CVE-2020-29129 CVE-2020-29130

An out-of-bounds access issue was found in the SLIRP user networking
implementation of QEMU. It could occur while processing ARP/NCSI
packets, if the packet length was shorter than required to accommodate
respective protocol headers and payload. A privileged guest user may use
this flaw to potentially leak host information bytes.

Marc-André Lureau (1):
      Merge branch 'stable-4.2' into 'stable-4.2'

Prasad J Pandit (1):
      slirp: check pkt_len before reading protocol header

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

This commit is contained in:

Marc-André Lureau

2020-11-27 20:57:07 +04:00

parent ea8208249d

commit 37c0c885d1

1 changed files with 1 additions and 1 deletions

2

slirp

 @ -1 +1 @@
 Subproject commit ce94eba2042d52a0ba3d9e252ebce86715e94275
 Subproject commit 8f43a99191afb47ca3f3c6972f6306209f367ece

slirp: update to fix CVE-2020-29129 CVE-2020-29130

2 slirp

2

slirp