[pve-devel] [PATCH pve-qemu] security patches for libslirp CVE-2020-8608

Thomas Lamprecht t.lamprecht at proxmox.com
Fri Mar 6 16:53:19 CET 2020


On 2/6/20 3:25 PM, Oguz Bektas wrote:
> original commits and email can be found here[0]
> 
> An out-of-bounds heap buffer access issue was found in the SLiRP
> networking implementation of the QEMU emulator. It occurs in tcp_emu()
> routine while emulating IRC and other protocols due to unsafe usage of
> snprintf(3) function.
> 
> A user/process could use this flaw to crash the QEMU process on the host
> resulting in DoS or potentially execute arbitrary code with privileges
> of the QEMU process on the host.
> 
> [0]: https://seclists.org/oss-sec/2020/q1/64
> 
> Signed-off-by: Oguz Bektas <o.bektas at proxmox.com>
> ---
>  .../0003-util-add-slirp_fmt-helpers.patch     | 126 ++++++++++++++++
>  ...4-tcp_emu-fix-unsafe-snprintf-usages.patch | 135 ++++++++++++++++++
>  debian/patches/series                         |   2 +
>  3 files changed, 263 insertions(+)
>  create mode 100644 debian/patches/extra/0003-util-add-slirp_fmt-helpers.patch
>  create mode 100644 debian/patches/extra/0004-tcp_emu-fix-unsafe-snprintf-usages.patch
> 

applied, but rebased on current master (series file changed) - thanks!
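
Added example, not part of the original mail or of the libslirp patches: the snprintf(3) pitfall named in the quoted commit message is that on truncation the return value is the length the output would have had, so using it as a write offset can move past the buffer. `fmt_bounded()` and the format strings below are hypothetical illustrations, not the `slirp_fmt` helpers themselves.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Unsafe pattern: treats snprintf()'s return value as "bytes written".
 * On truncation it is the would-be length, so the returned offset can be
 * larger than size; a later write at buf + off with size - off (which
 * wraps around as size_t) would land outside the buffer. */
static size_t offset_unchecked(char *buf, size_t size, const char *arg)
{
    size_t off = 0;
    off += snprintf(buf + off, size - off, "chat %s ", arg);
    return off;
}

/* Hypothetical bounded formatter: returns the number of bytes actually
 * stored (excluding the NUL), never more than size - 1. */
static size_t fmt_bounded(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (size == 0)
        return 0;
    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (n < 0) {                 /* encoding error: store an empty string */
        buf[0] = '\0';
        return 0;
    }
    return (size_t)n >= size ? size - 1 : (size_t)n;
}

/* Same accumulation, but the offset can never leave the buffer. */
static size_t offset_checked(char *buf, size_t size, const char *arg)
{
    size_t off = 0;
    off += fmt_bounded(buf + off, size - off, "chat %s ", arg);
    off += fmt_bounded(buf + off, size - off, "%u\n", 6667u);
    return off;
}

int main(void)
{
    char buf[16];
    const char *longarg = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; /* constructed input */
    printf("unchecked offset: %zu of %zu\n", offset_unchecked(buf, sizeof buf, longarg), sizeof buf);
    printf("checked offset:   %zu of %zu\n", offset_checked(buf, sizeof buf, longarg), sizeof buf);
    return 0;
}
```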



