Security update for slirp4netns SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:0987-1 Final 1 1 2020-07-18T10:27:33Z current 2020-07-18T10:27:33Z 2020-07-18T10:27:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for slirp4netns This update for slirp4netns fixes the following issues: - Update to 0.4.7 (bsc#1172380) * libslirp: update to v4.3.1 (Fix CVE-2020-10756) * Fix config_from_options() to correctly enable ipv6 This update was imported from the SUSE:SLE-15-SP1:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-987 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H2LGQFHPBFDVZIRS6F36METAFQR7AE43/ E-Mail link for openSUSE-SU-2020:0987-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1172380 SUSE Bug 1172380 https://www.suse.com/security/cve/CVE-2020-10756/ SUSE CVE CVE-2020-10756 page openSUSE Leap 15.1 slirp4netns-0.4.7-lp151.2.12.1 slirp4netns-0.4.7-lp151.2.12.1 as a component of openSUSE Leap 15.1 An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1. CVE-2020-10756 openSUSE Leap 15.1:slirp4netns-0.4.7-lp151.2.12.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H2LGQFHPBFDVZIRS6F36METAFQR7AE43/ https://www.suse.com/security/cve/CVE-2020-10756.html CVE-2020-10756 https://bugzilla.suse.com/1172380 SUSE Bug 1172380 https://bugzilla.suse.com/1184743 SUSE Bug 1184743