SUSE-SU-2020:1915-1

Опубликовано: 15 июл. 2020

Источник: suse-cvrf

Описание

Security update for slirp4netns

This update for slirp4netns fixes the following issues:

Update to 0.4.7 (bsc#1172380)
- libslirp: update to v4.3.1 (Fix CVE-2020-10756)
- Fix config_from_options() to correctly enable ipv6

Список пакетов

SUSE Linux Enterprise Module for Containers 15 SP1

slirp4netns-0.4.7-3.12.1

SUSE Linux Enterprise Module for Containers 15 SP2

slirp4netns-0.4.7-3.12.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20201915-1/
Link for SUSE-SU-2020:1915-1
https://lists.suse.com/pipermail/sle-security-updates/2020-July/007130.html
E-Mail link for SUSE-SU-2020:1915-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1172380
SUSE Bug 1172380
https://www.suse.com/security/cve/CVE-2020-10756/
SUSE CVE CVE-2020-10756 page

Описание

An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1.

Затронутые продукты

SUSE Linux Enterprise Module for Containers 15 SP1:slirp4netns-0.4.7-3.12.1

SUSE Linux Enterprise Module for Containers 15 SP2:slirp4netns-0.4.7-3.12.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-10756.html
CVE-2020-10756
https://bugzilla.suse.com/1172380
SUSE Bug 1172380
https://bugzilla.suse.com/1184743
SUSE Bug 1184743

SUSE-SU-2020:1915-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Containers 15 SP1

SUSE Linux Enterprise Module for Containers 15 SP2

Ссылки

Уязвимость: CVE-2020-10756

Описание

Затронутые продукты

Ссылки