- Vulnerability/
- USN-5009-1
USN-5009-1: libslirp vulnerabilities
First published: Thu Jul 15 2021(Updated: )
Qiuhao Li discovered that libslirp incorrectly handled certain header data lengths. An attacker inside a guest could possibly use this issue to leak sensitive information from the host. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2020-29129, CVE-2020-29130) It was discovered that libslirp incorrectly handled certain udp packets. An attacker inside a guest could possibly use this issue to leak sensitive information from the host. (CVE-2021-3592, CVE-2021-3593, CVE-2021-3594, CVE-2021-3595)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/libslirp0 | <4.4.0-1ubuntu0.1 | 4.4.0-1ubuntu0.1 |
| Ubuntu Ubuntu | =21.04 | |
| All of | ||
| ubuntu/libslirp0 | <4.3.1-1ubuntu0.1 | 4.3.1-1ubuntu0.1 |
| Ubuntu Ubuntu | =20.10 | |
| All of | ||
| ubuntu/libslirp0 | <4.1.0-2ubuntu2.2 | 4.1.0-2ubuntu2.2 |
| Ubuntu Ubuntu | =20.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2021-3594
- https://ubuntu.com/security/CVE-2021-3593
- https://ubuntu.com/security/CVE-2020-29130
- https://ubuntu.com/security/CVE-2021-3595
- https://ubuntu.com/security/CVE-2020-29129
- https://ubuntu.com/security/CVE-2021-3592
- https://ubuntu.com/security/notices/USN-5010-1
- https://ubuntu.com/security/notices/USN-5009-2
- https://ubuntu.com/security/notices/USN-7094-1
- https://launchpad.net/ubuntu/+source/libslirp/4.4.0-1ubuntu0.1
- https://launchpad.net/ubuntu/+source/libslirp/4.3.1-1ubuntu0.1
- https://launchpad.net/ubuntu/+source/libslirp/4.1.0-2ubuntu2.2
- https://ubuntu.com/security/notices/USN-5009-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID for libslirp vulnerabilities?
The vulnerability IDs for libslirp vulnerabilities are CVE-2020-29129 and CVE-2020-29130.
How does libslirp handle certain header data lengths?
libslirp incorrectly handles certain header data lengths.
What is the potential impact of the libslirp vulnerabilities?
An attacker inside a guest could use these vulnerabilities to leak sensitive information from the host.
Which versions of Ubuntu are affected by the libslirp vulnerabilities?
Ubuntu 20.04 LTS and Ubuntu 20.10 are affected by these vulnerabilities.
How can I fix the libslirp vulnerabilities?
Upgrade to libslirp version 4.4.0-1ubuntu0.1 for Ubuntu 20.04 LTS, upgrade to libslirp version 4.3.1-1ubuntu0.1 for Ubuntu 20.10, or upgrade to libslirp version 4.1.0-2ubuntu2.2 for Ubuntu 21.04.
- agent/severity
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/description
- agent/event
- agent/title
- collector/usn
- source/Ubuntu
- anchor-related/USN-5010-1
- anchor-related/USN-5009-2
- anchor-related/USN-7094-1
- agent/software-canonical-lookup
- agent/references
- agent/tags
- agent/trending
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/21.04
- version/ubuntu ubuntu/20.10
- version/ubuntu ubuntu/20.04