Bugzilla – Bug 1172380
VUL-0: CVE-2020-10756: libslirp, slirp4netns, qemu: out-of-bounds read information disclosure in icmp6_send_echoreply()
Last modified: 2023-08-04 11:20:11 UTC
CVE-2020-10756
An out-of-bounds read vulnerability in function icmp6_send_echoreply() in ip6_icmp.c of libslirp could allow a guest user/process to leak contents of the host memory, leading to possible information disclosure.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1835986
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10756
https://access.redhat.com/security/cve/CVE-2020-10756
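An added illustration of this class of bug (not part of the bug report and not libslirp code): an echo-reply handler that copies as many bytes as the IPv6 header claims, next to a version that drops packets claiming more payload than was received. `struct pkt`, the function names and the arena contents are hypothetical and constructed for the example; the arena keeps the over-read inside one array so the model itself stays well defined.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IP6_HDR_LEN 40 /* fixed IPv6 header size */

/* Hypothetical stand-in for a received packet; not libslirp's mbuf. */
struct pkt {
    const uint8_t *data; /* start of the IPv6 header */
    size_t len;          /* bytes actually received */
};

/* Payload length the sender declared in IPv6 header bytes 4-5 (big-endian). */
static size_t declared_payload(const struct pkt *p)
{
    return ((size_t)p->data[4] << 8) | p->data[5];
}

/* "Before": the echo reply copies as many bytes as the header claims. */
static long echo_reply_unchecked(const struct pkt *p, uint8_t *out, size_t cap)
{
    size_t n = declared_payload(p);
    if (n > cap) return -1;
    memcpy(out, p->data + IP6_HDR_LEN, n); /* can run past p->len */
    return (long)n;
}

/* "After": a packet claiming more payload than was received is dropped. */
static long echo_reply_checked(const struct pkt *p, uint8_t *out, size_t cap)
{
    if (p->len < IP6_HDR_LEN) return -1;
    if (declared_payload(p) > p->len - IP6_HDR_LEN) return -1;
    return echo_reply_unchecked(p, out, cap);
}

/* Constructed input: a 48-byte packet in an arena that also holds other data.
 * Returns -1 if dropped, 1 if the reply carries non-packet bytes, else 0. */
static int demo(int checked, size_t claim)
{
    uint8_t arena[128] = {0}, out[128] = {0};
    struct pkt p = { arena, 48 };
    memcpy(arena + 48, "HOST-SECRET", 11); /* adjacent memory, not packet data */
    arena[4] = (uint8_t)(claim >> 8); arena[5] = (uint8_t)(claim & 0xff);
    long n = checked ? echo_reply_checked(&p, out, sizeof out)
                     : echo_reply_unchecked(&p, out, sizeof out);
    if (n < 0) return -1;
    return n >= 19 && memcmp(out + 8, "HOST-SECRET", 11) == 0;
}
int main(void) { return demo(1, 64) == -1 ? 0 : 1; }
```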
I guess this is supposed to address the issue: https://gitlab.freedesktop.org/slirp/libslirp/-/merge_requests/42
(In reply to Ralf Haferkamp from comment #2)
> I guess this is supposed to address the issue:
>
> https://gitlab.freedesktop.org/slirp/libslirp/-/merge_requests/42
As there was some push back for the above patch I submitted an alternative one:
https://gitlab.freedesktop.org/slirp/libslirp/-/merge_requests/44
This one just got merged. I'll submit fixed libslirp/slirp4netns packages asap.
This is now upstream as commit c7ede54cbd2e2b25385325600958ba0124e31cc0.
I'll backport this patch to qemu versions which do not yet use libslirp.
Here is the security advisory for slirp4netns:
https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-96c5-v27g-58vf
TLDR: It wasn't really possible to enable IPv6 in slirp4netns because of a bug, which now got fixed. So most likely no real-life setup was affected by this.
(I am going to submit packages with both issues fixed)
SUSE-SU-2020:1915-1: An update that fixes one vulnerability is now available.
Category: security (important)
Bug References: 1172380
CVE References: CVE-2020-10756
Sources used:
SUSE Linux Enterprise Module for Containers 15-SP2 (src): slirp4netns-0.4.7-3.12.1
SUSE Linux Enterprise Module for Containers 15-SP1 (src): slirp4netns-0.4.7-3.12.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2020:0987-1: An update that fixes one vulnerability is now available.
Category: security (important)
Bug References: 1172380
CVE References: CVE-2020-10756
Sources used:
openSUSE Leap 15.1 (src): slirp4netns-0.4.7-lp151.2.12.1
openSUSE-SU-2020:0994-1: An update that fixes one vulnerability is now available.
Category: security (important)
Bug References: 1172380
CVE References: CVE-2020-10756
Sources used:
openSUSE Leap 15.2 (src): slirp4netns-0.4.7-lp152.2.3.1
Thanks for pointing out that we've missed this. We'll get this submitted with next round of updates.
SUSE-SU-2021:1829-1: An update that solves 11 vulnerabilities and has two fixes is now available.
Category: security (important)
Bug References: 1031692,1094725,1126455,1149813,1163019,1172380,1172382,1175534,1178935,1179477,1181933,1182846,1182975
CVE References: CVE-2019-15890,CVE-2019-8934,CVE-2020-10756,CVE-2020-13754,CVE-2020-14364,CVE-2020-25723,CVE-2020-29130,CVE-2020-8608,CVE-2021-20221,CVE-2021-20257,CVE-2021-3419
JIRA References:
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src): qemu-2.6.2-41.65.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:1837-1: An update that solves 11 vulnerabilities and has two fixes is now available.
Category: security (important)
Bug References: 1149813,1163019,1172380,1175534,1176681,1178683,1178935,1179477,1179484,1179725,1182846,1182975,1186290
CVE References: CVE-2019-15890,CVE-2020-10756,CVE-2020-14364,CVE-2020-25085,CVE-2020-25707,CVE-2020-25723,CVE-2020-29129,CVE-2020-29130,CVE-2020-8608,CVE-2021-20257,CVE-2021-3419
JIRA References:
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src): qemu-3.1.1.1-51.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:1893-1: An update that solves 11 vulnerabilities, contains one feature and has two fixes is now available.
Category: security (important)
Bug References: 1149813,1163019,1172380,1175534,1176681,1178683,1178935,1179477,1179484,1182846,1182975,1183979,1186290
CVE References: CVE-2019-15890,CVE-2020-10756,CVE-2020-14364,CVE-2020-25085,CVE-2020-25707,CVE-2020-25723,CVE-2020-29129,CVE-2020-29130,CVE-2020-8608,CVE-2021-20257,CVE-2021-3419
JIRA References: SLE-17785
Sources used:
SUSE MicroOS 5.0 (src): qemu-4.2.1-11.19.2
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src): qemu-4.2.1-11.19.2
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): qemu-4.2.1-11.19.2
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:1894-1: An update that solves 11 vulnerabilities and has one errata is now available.
Category: security (important)
Bug References: 1094725,1149813,1163019,1172380,1172382,1175534,1178683,1178935,1179477,1181933,1182846,1182975
CVE References: CVE-2019-15890,CVE-2020-10756,CVE-2020-13754,CVE-2020-14364,CVE-2020-25707,CVE-2020-25723,CVE-2020-29130,CVE-2020-8608,CVE-2021-20221,CVE-2021-20257,CVE-2021-3419
JIRA References:
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src): qemu-2.9.1-6.50.1
SUSE OpenStack Cloud 8 (src): qemu-2.9.1-6.50.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src): qemu-2.9.1-6.50.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src): qemu-2.9.1-6.50.1
SUSE Linux Enterprise Server 12-SP3-BCL (src): qemu-2.9.1-6.50.1
HPE Helion Openstack 8 (src): qemu-2.9.1-6.50.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:1895-1: An update that fixes 11 vulnerabilities is now available.
Category: security (important)
Bug References: 1149813,1163019,1172380,1172382,1175534,1178683,1178935,1179477,1179484,1182846,1182975
CVE References: CVE-2019-15890,CVE-2020-10756,CVE-2020-13754,CVE-2020-14364,CVE-2020-25707,CVE-2020-25723,CVE-2020-29129,CVE-2020-29130,CVE-2020-8608,CVE-2021-20257,CVE-2021-3419
JIRA References:
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src): qemu-2.11.2-9.46.1
SUSE Linux Enterprise Server 15-LTSS (src): qemu-2.11.2-9.46.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src): qemu-2.11.2-9.46.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): qemu-2.11.2-9.46.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:1918-1: An update that fixes 10 vulnerabilities is now available.
Category: security (important)
Bug References: 1149813,1163019,1172380,1175534,1178683,1178935,1179477,1179484,1182846,1182975
CVE References: CVE-2019-15890,CVE-2020-10756,CVE-2020-14364,CVE-2020-25707,CVE-2020-25723,CVE-2020-29129,CVE-2020-29130,CVE-2020-8608,CVE-2021-20257,CVE-2021-3419
JIRA References:
Sources used:
SUSE Manager Server 4.0 (src): qemu-3.1.1.1-9.27.2
SUSE Manager Retail Branch Server 4.0 (src): qemu-3.1.1.1-9.27.2
SUSE Manager Proxy 4.0 (src): qemu-3.1.1.1-9.27.2
SUSE Linux Enterprise Server for SAP 15-SP1 (src): qemu-3.1.1.1-9.27.2
SUSE Linux Enterprise Server 15-SP1-LTSS (src): qemu-3.1.1.1-9.27.2
SUSE Linux Enterprise Server 15-SP1-BCL (src): qemu-3.1.1.1-9.27.2
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src): qemu-3.1.1.1-9.27.2
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): qemu-3.1.1.1-9.27.2
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): qemu-3.1.1.1-9.27.2
SUSE Enterprise Storage 6 (src): qemu-3.1.1.1-9.27.2
SUSE CaaS Platform 4.0 (src): qemu-3.1.1.1-9.27.2
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:1947-1: An update that fixes 11 vulnerabilities is now available.
Category: security (important)
Bug References: 1149813,1163019,1172380,1172382,1175534,1178683,1178935,1179477,1179484,1182846,1182975
CVE References: CVE-2019-15890,CVE-2020-10756,CVE-2020-13754,CVE-2020-14364,CVE-2020-25707,CVE-2020-25723,CVE-2020-29129,CVE-2020-29130,CVE-2020-8608,CVE-2021-20257,CVE-2021-3419
JIRA References:
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src): qemu-2.11.2-5.32.1
SUSE OpenStack Cloud 9 (src): qemu-2.11.2-5.32.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src): qemu-2.11.2-5.32.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src): qemu-2.11.2-5.32.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:1043-1: An update that solves 14 vulnerabilities, contains one feature and has 5 fixes is now available.
Category: security (moderate)
Bug References: 1149813,1163019,1172380,1175534,1176681,1178683,1178935,1179477,1179484,1182846,1182975,1183979,1184574,1185591,1185981,1185990,1186010,1186290,1187013
CVE References: CVE-2019-15890,CVE-2020-10756,CVE-2020-14364,CVE-2020-25085,CVE-2020-25707,CVE-2020-25723,CVE-2020-29129,CVE-2020-29130,CVE-2020-8608,CVE-2021-20257,CVE-2021-3419,CVE-2021-3544,CVE-2021-3545,CVE-2021-3546
JIRA References: SLE-17785
Sources used:
openSUSE Leap 15.2 (src): qemu-4.2.1-lp152.9.16.2, qemu-linux-user-4.2.1-lp152.9.16.1, qemu-testsuite-4.2.1-lp152.9.16.7
Re-assigning to Security Team, as I think this is done. Or did I miss any still missing backport?