slirp4netns (SL7) | Scientific Linux

Synopsis: Important: slirp4netns security update
Advisory ID: SLSA-2020:0889-1
Issue Date: 2020-03-17
CVE Numbers: CVE-2019-14378
CVE-2019-15890
CVE-2020-7039
CVE-2020-8608
—

Security Fix(es):

* QEMU: slirp: heap buffer overflow during packet reassembly
(CVE-2019-14378)

* QEMU: slirp: OOB buffer access while emulating tcp protocols in
tcp_emu() (CVE-2020-7039)

* CVE-2020-8608 slirp4netns: QEMU: Slirp: potential OOB access due to
unsafe snprintf() usages

* CVE-2019-15890 QEMU: Slirp: use-after-free during packet reassembly
—

– Scientific Linux Development Team

SL Security Errata