Security update for slirp4netns

Announcement ID:	SUSE-SU-2023:0870-1
Rating:	moderate
References:	bsc#1179466 bsc#1179467
Cross-References:	CVE-2020-29129 CVE-2020-29130
CVSS scores:	CVE-2020-29129 ( SUSE ): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N CVE-2020-29129 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-29130 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-29130 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Products:	openSUSE Leap Micro 5.3 SUSE Enterprise Storage 7 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Server 15 SP2

An update that solves two vulnerabilities can now be installed.

Description:

This update for slirp4netns fixes the following issues:

CVE-2020-29129: Fixed out-of-bounds access while processing NCSI packets (bsc#1179466).
CVE-2020-29130: Fixed out-of-bounds access while processing ARP packets (bsc#1179467).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-870=1
SUSE Enterprise Storage 7
zypper in -t patch SUSE-Storage-7-2023-870=1
SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-870=1

Package List:

openSUSE Leap Micro 5.3 (aarch64 x86_64)
- slirp4netns-debugsource-0.4.7-150100.3.18.1
- slirp4netns-0.4.7-150100.3.18.1
- slirp4netns-debuginfo-0.4.7-150100.3.18.1
SUSE Enterprise Storage 7 (aarch64 x86_64)
- slirp4netns-debugsource-0.4.7-150100.3.18.1
- slirp4netns-0.4.7-150100.3.18.1
- slirp4netns-debuginfo-0.4.7-150100.3.18.1
SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
- slirp4netns-debugsource-0.4.7-150100.3.18.1
- slirp4netns-0.4.7-150100.3.18.1
- slirp4netns-debuginfo-0.4.7-150100.3.18.1

Security update for slirp4netns

Description:

Patch Instructions:

Package List:

References: