1791677 – QEMU: Slirp: disable emulation of tcp programs like ftp IRC etc. [rhel-8]

Bug 1791677 - QEMU: Slirp: disable emulation of tcp programs like ftp IRC etc. [rhel-8]

Summary: QEMU: Slirp: disable emulation of tcp programs like ftp IRC etc. [rhel-8]

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	qemu-kvm
Sub Component:
Version:	8.2
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	8.0
Assignee:	Marc-Andre Lureau
QA Contact:	Quan Wenli
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1791679 1791680
TreeView+	depends on / blocked

Reported:	2020-01-16 11:10 UTC by Prasad Pandit
Modified:	2023-03-07 11:58 UTC (History)
CC List:	14 users (show)
Fixed In Version:	qemu-kvm-2.12.0-99.module+el8.2.0+5827+8c39933c
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	1791679 (view as bug list)
Environment:
Last Closed:	2020-04-28 15:33:39 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:
Flags:	wquan: needinfo-

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHELPLAN-34843	0	None	None	None	2023-03-07 11:58:18 UTC
Red Hat Product Errata	RHEA-2020:1587	0	None	None	None	2020-04-28 15:34:30 UTC

Description Prasad Pandit 2020-01-16 11:10:09 UTC

Description of problem:

Upstream libslirp has disabled emulation of the tcp programs like ftp/IRC etc. in user-mode SLiRP networking since v4.1.0.

 ->  https://gitlab.freedesktop.org/slirp/libslirp/commit/07c2a44b67e219ac14207f7a1b33704e1312cf91

   emu: disable by default

tcp_emu() is known to have caused several CVEs, and not useful today in most cases.

https://nvd.nist.gov/vuln/detail/CVE-2019-6778
https://nvd.nist.gov/vuln/detail/CVE-2019-9824

The feature can be still enabled by setting SlirpConfig.enable_emu to
true.

* Please include this patch in the qemu-kvm package versions of RHEL too.

* It'll probably be better to disable user-mode SLiRP networking itself in qemu-kvm.

  ie. compile qemu-kvm package with '--disable-slirp' configure option.

Comment 6 Danilo de Paula 2020-02-19 16:48:43 UTC

The patch fixing this BZ is lacking review ACKs.

Comment 15 errata-xmlrpc 2020-04-28 15:33:39 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:1587

Note You need to log in before you can comment on or make changes to this bug.