[SECURITY] [DLA 2551-1] slirp security update

2021-02-09T21:30:21
ID DEBIAN:DLA-2551-1:59C0D
Type debian
Reporter Debian
Modified 2021-02-09T21:30:21

Description


Debian LTS Advisory DLA-2551-1    debian-lts@lists.debian.org
https://www.debian.org/lts/security/    Thorsten Alteholz
February 09, 2021    https://wiki.debian.org/LTS


Package : slirp
Version : 1:1.0.17-8+deb9u1
CVE ID : CVE-2020-7039 CVE-2020-8608

Two issues have been found in slirp, a SLIP/PPP emulator using a dial up shell account.

CVE-2020-7039

Due to mismanagement of memory, a heap-based buffer overflow or
other out-of-bounds access might happen, which can lead to a DoS
or potentially the execution of arbitrary code.

CVE-2020-8608

Prevent a buffer overflow vulnerability due to incorrect usage
of return values from snprintf.
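
The snprintf pitfall named in CVE-2020-8608, as an added illustration that is not slirp's code: snprintf returns the length the complete output would have had, not the number of bytes stored, so using that value as a running offset can place the next write past the end of the buffer. The function names, the 8-byte buffer and the sample strings are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Unsafe pattern: treats snprintf's return value as "bytes stored".
 * snprintf returns the length the complete output would have had, so
 * after a truncated write the returned offset lies beyond the buffer
 * and a later buf + off / size - off computation is out of bounds. */
size_t append_unchecked(char *buf, size_t size, size_t off, const char *s)
{
    off += snprintf(buf + off, size - off, "%s;", s);
    return off;
}

/* Checked pattern: returns the new offset, or -1 if the piece does not
 * fit. On failure the partial write is discarded and buf stays a valid
 * string of length off. */
int append_checked(char *buf, size_t size, size_t off, const char *s)
{
    if (off >= size)
        return -1;
    int n = snprintf(buf + off, size - off, "%s;", s);
    if (n < 0 || (size_t)n >= size - off) {
        buf[off] = '\0';
        return -1;
    }
    return (int)(off + (size_t)n);
}

int main(void)
{
    char buf[8];                           /* constructed, deliberately small */
    const char *big = "0123456789abcdef";  /* constructed sample input */

    /* Only one unchecked call is made: it truncates safely but hands
     * back an offset that must not be used for a second write. */
    size_t off = append_unchecked(buf, sizeof buf, 0, big);
    printf("unchecked: offset %zu for a %zu-byte buffer\n", off, sizeof buf);

    printf("checked:   %d\n", append_checked(buf, sizeof buf, 0, big));
    printf("checked:   %d\n", append_checked(buf, sizeof buf, 0, "abc"));
    return 0;
}
```
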

For Debian 9 stretch, these problems have been fixed in version 1:1.0.17-8+deb9u1.

We recommend that you upgrade your slirp packages.

For the detailed security status of slirp please refer to its security tracker page at: https://security-tracker.debian.org/tracker/slirp

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS