oss-sec mailing list archives

CVE-2020-7211 QEMU: Slirp: potential directory traversal using relative paths via tftp server on Windows host


From: P J P <ppandit () redhat com>
Date: Fri, 17 Jan 2020 12:33:51 +0530 (IST)

  Hello,

A potential directory traversal issue was found in the tftp server of the SLiRP user-mode networking implementation used by QEMU. It could occur on a Windows host, as it allows both forward ('/') and backward ('\') slash tokens to be used as separators in a file path.

A user able to access the tftp server could use this flaw to access undue files by using relative paths.

Upstream patch:
---------------
  -> https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4

'CVE-2020-7211' assigned via -> https://cveform.mitre.org/

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
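
The separator mismatch the advisory describes, as an added example that is not part of the original post and is not libslirp's code: one component-wise filename check, run once knowing only '/' and once knowing both '/' and '\'. The function names and the sample file names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if `name` may be served, 0 if it must be refused.
 * `seps` lists the characters the host treats as path separators.
 * Hypothetical helper for illustration; not libslirp's code. */
static int tftp_name_ok(const char *name, const char *seps)
{
    size_t len = strlen(name);
    const char *p = name;

    if (len == 0)
        return 0;
    /* A trailing separator names a directory, not a file. */
    if (strchr(seps, name[len - 1]) != NULL)
        return 0;

    while (*p != '\0') {
        size_t n = strcspn(p, seps);      /* length of this component */
        if (n == 2 && p[0] == '.' && p[1] == '.')
            return 0;                     /* ".." component: relative path */
        p += n;
        if (*p != '\0')
            p++;                          /* step over the separator */
    }
    return 1;
}

/* Check that only knows '/', adequate where '\' is an ordinary character. */
int name_ok_slash_only(const char *name) { return tftp_name_ok(name, "/"); }

/* Check for a Windows host, where '/' and '\' both separate components. */
int name_ok_windows(const char *name) { return tftp_name_ok(name, "/\\"); }

int main(void)
{
    /* Constructed sample requests, not taken from the advisory. */
    const char *samples[] = { "pxe/boot.img", "../secret.txt",
                              "..\\secret.txt", "pxe\\..\\..\\secret.txt" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-26s slash-only=%d  windows=%d\n", samples[i],
               name_ok_slash_only(samples[i]), name_ok_windows(samples[i]));
    return 0;
}
```

A string check like this is a first filter; resolving the final path and confirming it still lies under the tftp root directory covers cases a separator list cannot.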

