-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.0281
                           slirp security update
                              28 January 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           slirp
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-7039  

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2020/01/msg00022.html

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running slirp check for an updated version of the software for their
         operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : slirp
Version        : 1:1.0.17-7+deb8u1
CVE ID         : CVE-2020-7039
Debian Bug     : 949085


An issue has been found in slirp, a SLIP/PPP emulator using a dial-up 
shell account.
Due to bad memory handling in slirp, a heap-based buffer overflow or other 
out-of-bounds access could happen, which can lead to a DoS or potentially 
the execution of arbitrary code.


For Debian 8 "Jessie", this problem has been fixed in version 
1:1.0.17-7+deb8u1.

We recommend that you upgrade your slirp packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----