CVE-2020-10756 · cross-distro fix matrix

CVE-2020-10756: An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, re

Affects 8 Linux releases across 14 (distro × package) combinations.

Fix per ecosystem

Each block below is a distro release where CVE-2020-10756 has a known fix. Run the listed command on that distro to remediate.

Source: Debian Security Tracker

libslirp→ fixed in4.3.1-1urgency: not yet assigned
```
sudo apt-get install --only-upgrade -y libslirp
```
qemu→ fixed in1:4.1-2urgency: not yet assigned
```
sudo apt-get install --only-upgrade -y qemu
```
slirp4netns→ fixed in1.0.1-1urgency: not yet assigned
```
sudo apt-get install --only-upgrade -y slirp4netns
```

Source: Debian Security Tracker

libslirp→ fixed in4.3.1-1urgency: not yet assigned
```
sudo apt-get install --only-upgrade -y libslirp
```
qemu→ fixed in1:4.1-2urgency: not yet assigned
```
sudo apt-get install --only-upgrade -y qemu
```
slirp4netns→ fixed in1.0.1-1urgency: not yet assigned
```
sudo apt-get install --only-upgrade -y slirp4netns
```

Source: Debian Security Tracker

libslirp→ fixed in4.3.1-1urgency: not yet assigned
```
sudo apt-get install --only-upgrade -y libslirp
```
qemu→ fixed in1:4.1-2urgency: not yet assigned
```
sudo apt-get install --only-upgrade -y qemu
```
slirp4netns→ fixed in1.0.1-1urgency: not yet assigned
```
sudo apt-get install --only-upgrade -y slirp4netns
```