Описание
Security update for openslp
This update for openslp fixes the following issues:
- CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638)
- Prevent out of bounds reads in message parsing
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15
openslp-2.0.0-6.3.1
openslp-32bit-2.0.0-6.3.1
openslp-devel-2.0.0-6.3.1
SUSE Linux Enterprise Module for Server Applications 15
openslp-server-2.0.0-6.3.1
Ссылки
- Link for SUSE-SU-2018:1917-1
- E-Mail link for SUSE-SU-2018:1917-1
- SUSE Security Ratings
- SUSE Bug 1090638
- SUSE CVE CVE-2017-17833 page
Описание
OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15:openslp-2.0.0-6.3.1
SUSE Linux Enterprise Module for Basesystem 15:openslp-32bit-2.0.0-6.3.1
SUSE Linux Enterprise Module for Basesystem 15:openslp-devel-2.0.0-6.3.1
SUSE Linux Enterprise Module for Server Applications 15:openslp-server-2.0.0-6.3.1
Ссылки
- CVE-2017-17833
- SUSE Bug 1090638
- SUSE Bug 1099519
- SUSE Bug 1126909