--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-71de23bedd
2021-07-04 01:08:30.659322
--------------------------------------------------------------------------------
Name : libslirp
Product : Fedora 33
Version : 4.3.1
Release : 5.fc33
URL :
https://gitlab.freedesktop.org/slirp/libslirp
Summary : A general purpose TCP-IP emulator
Description :
A general purpose TCP-IP emulator used by virtual machine hypervisors
to provide virtual networking services.
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2021-3592 CVE-2021-3593 CVE-2021-3594 CVE-2021-3595 out-of-bounds access
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 18 2021 Marc-Andr�� Lureau <marcandre.lureau(a)redhat.com> - 4.3.1-5
- Fix DHCP regression from CVE backports.
* Tue Jun 15 2021 Marc-Andr�� Lureau <marcandre.lureau(a)redhat.com> - 4.3.1-4
- Fix CVE-2021-3592 CVE-2021-3593 CVE-2021-3594 CVE-2021-3595 out-of-bounds access
rhbz#1972249 rhbz#1972250 rhbz#1972252 rhbz#1972243
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1972243 - CVE-2021-3595 libslirp: QEMU: slirp: invalid pointer initialization
may lead to information disclosure (tftp) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1972243
[ 2 ] Bug #1972249 - CVE-2021-3592 libslirp: QEMU: slirp: invalid pointer initialization
may lead to information disclosure (bootp) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1972249
[ 3 ] Bug #1972250 - CVE-2021-3593 libslirp: QEMU: slirp: invalid pointer initialization
may lead to information disclosure (udp6) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1972250
[ 4 ] Bug #1972252 - CVE-2021-3594 libslirp: QEMU: slirp: invalid pointer initialization
may lead to information disclosure (udp) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1972252
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-71de23bedd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------