-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2021-71de23bedd 2021-07-04 01:08:30.659322 --------------------------------------------------------------------------------
Name : libslirp Product : Fedora 33 Version : 4.3.1 Release : 5.fc33 URL : https://gitlab.freedesktop.org/slirp/libslirp Summary : A general purpose TCP-IP emulator Description : A general purpose TCP-IP emulator used by virtual machine hypervisors to provide virtual networking services.
-------------------------------------------------------------------------------- Update Information:
Fix CVE-2021-3592 CVE-2021-3593 CVE-2021-3594 CVE-2021-3595 out-of-bounds access -------------------------------------------------------------------------------- ChangeLog:
* Fri Jun 18 2021 Marc-Andr�� Lureau marcandre.lureau@redhat.com - 4.3.1-5 - Fix DHCP regression from CVE backports. * Tue Jun 15 2021 Marc-Andr�� Lureau marcandre.lureau@redhat.com - 4.3.1-4 - Fix CVE-2021-3592 CVE-2021-3593 CVE-2021-3594 CVE-2021-3595 out-of-bounds access rhbz#1972249 rhbz#1972250 rhbz#1972252 rhbz#1972243 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1972243 - CVE-2021-3595 libslirp: QEMU: slirp: invalid pointer initialization may lead to information disclosure (tftp) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1972243 [ 2 ] Bug #1972249 - CVE-2021-3592 libslirp: QEMU: slirp: invalid pointer initialization may lead to information disclosure (bootp) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1972249 [ 3 ] Bug #1972250 - CVE-2021-3593 libslirp: QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp6) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1972250 [ 4 ] Bug #1972252 - CVE-2021-3594 libslirp: QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1972252 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-71de23bedd' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
package-announce@lists.fedoraproject.org