Description
Security update for openslp
This update for openslp fixes two security issues and two bugs.
The following vulnerabilities were fixed:
- CVE-2016-4912: A remote attacker could have crashed the server with a large number of packets (bsc#980722)
- CVE-2016-7567: A remote attacker could cause memory corruption with unspecified impact (bsc#1001600)
The following bugfix changes are included:
- bsc#994989: Removed convenience code, as it changes bytes in the message buffer, breaking the verification code
- bsc#974655: Removed no longer needed slpd init file
Package list
SUSE Linux Enterprise Desktop 12 SP1
openslp-2.0.0-17.1
openslp-32bit-2.0.0-17.1
SUSE Linux Enterprise Server 12 SP1
openslp-2.0.0-17.1
openslp-32bit-2.0.0-17.1
openslp-server-2.0.0-17.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
openslp-2.0.0-17.1
openslp-32bit-2.0.0-17.1
openslp-server-2.0.0-17.1
SUSE Linux Enterprise Software Development Kit 12 SP1
openslp-devel-2.0.0-17.1
References
- Link for SUSE-SU-2016:2661-1
- E-Mail link for SUSE-SU-2016:2661-1
- SUSE Security Ratings
- SUSE Bug 1001600
- SUSE Bug 974655
- SUSE Bug 980722
- SUSE Bug 994989
- SUSE CVE CVE-2016-4912 page
- SUSE CVE CVE-2016-7567 page
Description
The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which triggers a memory allocation failure.
Affected products
SUSE Linux Enterprise Desktop 12 SP1:openslp-2.0.0-17.1
SUSE Linux Enterprise Desktop 12 SP1:openslp-32bit-2.0.0-17.1
SUSE Linux Enterprise Server 12 SP1:openslp-2.0.0-17.1
SUSE Linux Enterprise Server 12 SP1:openslp-32bit-2.0.0-17.1
References
- CVE-2016-4912
- SUSE Bug 1074356
- SUSE Bug 980722
Description
Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string.
Affected products
SUSE Linux Enterprise Desktop 12 SP1:openslp-2.0.0-17.1
SUSE Linux Enterprise Desktop 12 SP1:openslp-32bit-2.0.0-17.1
SUSE Linux Enterprise Server 12 SP1:openslp-2.0.0-17.1
SUSE Linux Enterprise Server 12 SP1:openslp-32bit-2.0.0-17.1
References
- CVE-2016-7567
- SUSE Bug 1001600
- SUSE Bug 1074356