libslirp-devel-4.7.0+44-3.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12529-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libslirp-devel-4.7.0+44-3.1 on GA media These are all security issues fixed in the libslirp-devel-4.7.0+44-3.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12529 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2021-3592/ SUSE CVE CVE-2021-3592 page https://www.suse.com/security/cve/CVE-2021-3594/ SUSE CVE CVE-2021-3594 page openSUSE Tumbleweed libslirp-devel-4.7.0+44-3.1 libslirp0-4.7.0+44-3.1 libslirp-devel-4.7.0+44-3.1 as a component of openSUSE Tumbleweed libslirp0-4.7.0+44-3.1 as a component of openSUSE Tumbleweed An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. CVE-2021-3592 openSUSE Tumbleweed:libslirp-devel-4.7.0+44-3.1 openSUSE Tumbleweed:libslirp0-4.7.0+44-3.1 low 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-3592.html CVE-2021-3592 https://bugzilla.suse.com/1187364 SUSE Bug 1187364 https://bugzilla.suse.com/1187369 SUSE Bug 1187369 An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. CVE-2021-3594 openSUSE Tumbleweed:libslirp-devel-4.7.0+44-3.1 openSUSE Tumbleweed:libslirp0-4.7.0+44-3.1 low 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-3594.html CVE-2021-3594 https://bugzilla.suse.com/1187367 SUSE Bug 1187367