Overview

File _patchinfo of Package patchinfo.23007

<patchinfo incident="23007">
  <issue tracker="cve" id="2021-3592"/>
  <issue tracker="cve" id="2021-3595"/>
  <issue tracker="cve" id="2021-3594"/>
  <issue tracker="bnc" id="1187364">VUL-1: CVE-2021-3592: qemu,kvm,libslirp: slirp: invalid pointer initialization may lead to information disclosure (bootp)</issue>
  <issue tracker="bnc" id="1187366">VUL-1: CVE-2021-3595: qemu: slirp,libslirp: invalid pointer initialization may lead to information disclosure (tftp)</issue>
  <issue tracker="bnc" id="1187367">VUL-1: CVE-2021-3594: qemu,kvm,libslirp: slirp: invalid pointer initialization may lead to information disclosure (udp)</issue>
  <packager>pgajdos</packager>
  <rating>low</rating>
  <category>security</category>
  <summary>Security update for libslirp</summary>
  <description>This update for libslirp fixes the following issues:

NOTE: this update was retracted, as the bootp fix was incorrect and breaks DHCP usage in qemu.

- CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364).
- CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367).
- CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366).
</description>
<retracted/>
</patchinfo>
openSUSE Build Service is sponsored by
Places