SUSE-SU-2018:2779-1

Опубликовано: 21 сент. 2018

Источник: suse-cvrf

Описание

Security update for openslp

This update for openslp fixes the following issues:

CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638)
Prevent out of bounds reads in message parsing

Список пакетов

SUSE Enterprise Storage 4

openslp-2.0.0-18.15.1

openslp-32bit-2.0.0-18.15.1

openslp-server-2.0.0-18.15.1

SUSE Linux Enterprise Desktop 12 SP3

openslp-2.0.0-18.15.1

openslp-32bit-2.0.0-18.15.1

SUSE Linux Enterprise Server 12 SP1-LTSS

openslp-2.0.0-18.15.1

openslp-32bit-2.0.0-18.15.1

openslp-server-2.0.0-18.15.1

SUSE Linux Enterprise Server 12 SP2-LTSS

openslp-2.0.0-18.15.1

openslp-32bit-2.0.0-18.15.1

openslp-server-2.0.0-18.15.1

SUSE Linux Enterprise Server 12 SP3

openslp-2.0.0-18.15.1

openslp-32bit-2.0.0-18.15.1

openslp-server-2.0.0-18.15.1

SUSE Linux Enterprise Server 12-LTSS

openslp-2.0.0-18.15.1

openslp-32bit-2.0.0-18.15.1

openslp-server-2.0.0-18.15.1

SUSE Linux Enterprise Server for SAP Applications 12 SP1

openslp-2.0.0-18.15.1

openslp-32bit-2.0.0-18.15.1

openslp-server-2.0.0-18.15.1

SUSE Linux Enterprise Server for SAP Applications 12 SP2

openslp-2.0.0-18.15.1

openslp-32bit-2.0.0-18.15.1

openslp-server-2.0.0-18.15.1

SUSE Linux Enterprise Server for SAP Applications 12 SP3

openslp-2.0.0-18.15.1

openslp-32bit-2.0.0-18.15.1

openslp-server-2.0.0-18.15.1

SUSE Linux Enterprise Software Development Kit 12 SP3

openslp-devel-2.0.0-18.15.1

SUSE OpenStack Cloud 7

openslp-2.0.0-18.15.1

openslp-32bit-2.0.0-18.15.1

openslp-server-2.0.0-18.15.1

Ссылки

https://www.suse.com/support/update/announcement/2018/suse-su-20182779-1/
Link for SUSE-SU-2018:2779-1
https://lists.suse.com/pipermail/sle-security-updates/2018-September/004575.html
E-Mail link for SUSE-SU-2018:2779-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1090638
SUSE Bug 1090638
https://www.suse.com/security/cve/CVE-2017-17833/
SUSE CVE CVE-2017-17833 page

Описание

OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.

Затронутые продукты

SUSE Enterprise Storage 4:openslp-2.0.0-18.15.1

SUSE Enterprise Storage 4:openslp-32bit-2.0.0-18.15.1

SUSE Enterprise Storage 4:openslp-server-2.0.0-18.15.1

SUSE Linux Enterprise Desktop 12 SP3:openslp-2.0.0-18.15.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-17833.html
CVE-2017-17833
https://bugzilla.suse.com/1090638
SUSE Bug 1090638
https://bugzilla.suse.com/1099519
SUSE Bug 1099519
https://bugzilla.suse.com/1126909
SUSE Bug 1126909

SUSE-SU-2018:2779-1

Описание

Список пакетов

SUSE Enterprise Storage 4

SUSE Linux Enterprise Desktop 12 SP3

SUSE Linux Enterprise Server 12 SP1-LTSS

SUSE Linux Enterprise Server 12 SP2-LTSS

SUSE Linux Enterprise Server 12 SP3

SUSE Linux Enterprise Server 12-LTSS

SUSE Linux Enterprise Server for SAP Applications 12 SP1

SUSE Linux Enterprise Server for SAP Applications 12 SP2

SUSE Linux Enterprise Server for SAP Applications 12 SP3

SUSE Linux Enterprise Software Development Kit 12 SP3

SUSE OpenStack Cloud 7

Ссылки

Уязвимость: CVE-2017-17833

Описание

Затронутые продукты

Ссылки