Описание
Security update for OpenSLP
This update for OpenSLP fixes a bug in SLPIntersectStringList that could lead to an out-of-bounds read (CVE-2012-4428). Additionally, the SLP daemon now always use localtime(3) when writing to log files to avoid having timestamps with different timezones.
Security Issues:
* CVE-2012-4428
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4428>
Список пакетов
SUSE Linux Enterprise Desktop 11 SP3
openslp-1.2.0-172.24.1
openslp-32bit-1.2.0-172.24.1
SUSE Linux Enterprise Server 11 SP3
openslp-1.2.0-172.24.1
openslp-32bit-1.2.0-172.24.1
openslp-server-1.2.0-172.24.1
openslp-x86-1.2.0-172.24.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
openslp-1.2.0-172.24.1
openslp-32bit-1.2.0-172.24.1
openslp-server-1.2.0-172.24.1
openslp-x86-1.2.0-172.24.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3
openslp-1.2.0-172.24.1
openslp-32bit-1.2.0-172.24.1
openslp-server-1.2.0-172.24.1
openslp-x86-1.2.0-172.24.1
SUSE Linux Enterprise Software Development Kit 11 SP3
openslp-devel-1.2.0-172.24.1
openslp-server-1.2.0-172.24.1
Ссылки
- Link for SUSE-SU-2015:0922-1
- E-Mail link for SUSE-SU-2015:0922-1
- SUSE Security Ratings
- SUSE Bug 778508
- SUSE Bug 855385
- SUSE CVE CVE-2012-4428 page
Описание
openslp: SLPIntersectStringList()' Function has a DoS vulnerability
Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:openslp-1.2.0-172.24.1
SUSE Linux Enterprise Desktop 11 SP3:openslp-32bit-1.2.0-172.24.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:openslp-1.2.0-172.24.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:openslp-32bit-1.2.0-172.24.1
Ссылки
- CVE-2012-4428
- SUSE Bug 778508
- SUSE Bug 979093