Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2017:1187-1

Опубликовано: 05 мая 2017
Источник: suse-cvrf

Описание

Security update for libosip2

This update for libosip2 fixes several issues.

These security issues were fixed:

  • CVE-2017-7853: In libosip2 a malformed SIP message could have lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS (bsc#1034570).
  • CVE-2016-10326: In libosip2 a malformed SIP message could have lead to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS (bsc#1034571).
  • CVE-2016-10325: In libosip2 a malformed SIP message could have lead to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS (bsc#1034572).
  • CVE-2016-10324: In libosip2 a malformed SIP message could have lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c (bsc#1034574).

Список пакетов

SUSE Linux Enterprise Desktop 12 SP1
libosip2-3.5.0-20.1
SUSE Linux Enterprise Desktop 12 SP2
libosip2-3.5.0-20.1
SUSE Linux Enterprise Software Development Kit 12 SP1
libosip2-3.5.0-20.1
libosip2-devel-3.5.0-20.1
SUSE Linux Enterprise Software Development Kit 12 SP2
libosip2-3.5.0-20.1
libosip2-devel-3.5.0-20.1
SUSE Linux Enterprise Workstation Extension 12 SP1
libosip2-3.5.0-20.1
SUSE Linux Enterprise Workstation Extension 12 SP2
libosip2-3.5.0-20.1

Ссылки

Описание

In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libosip2-3.5.0-20.1
SUSE Linux Enterprise Desktop 12 SP2:libosip2-3.5.0-20.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libosip2-3.5.0-20.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libosip2-devel-3.5.0-20.1
Ссылки

Описание

In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libosip2-3.5.0-20.1
SUSE Linux Enterprise Desktop 12 SP2:libosip2-3.5.0-20.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libosip2-3.5.0-20.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libosip2-devel-3.5.0-20.1
Ссылки

Описание

In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libosip2-3.5.0-20.1
SUSE Linux Enterprise Desktop 12 SP2:libosip2-3.5.0-20.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libosip2-3.5.0-20.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libosip2-devel-3.5.0-20.1
Ссылки

Описание

In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libosip2-3.5.0-20.1
SUSE Linux Enterprise Desktop 12 SP2:libosip2-3.5.0-20.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libosip2-3.5.0-20.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libosip2-devel-3.5.0-20.1
Ссылки
Уязвимость SUSE-SU-2017:1187-1