Description
Security update for openslp
This update for openslp fixes two security issues and two bugs.
The following vulnerabilities were fixed:
- CVE-2016-4912: A remote attacker could have crashed the server with a large number of packets (bsc#980722)
- CVE-2016-7567: A remote attacker could cause memory corruption with unspecified impact (bsc#1001600)
The following bugfix changes are included:
- bsc#994989: Removed convenience code, as it changes bytes in the message buffer, breaking the verification code
- bsc#974655: Removed no longer needed slpd init file
This update was imported from the SUSE:SLE-12:Update update project.
Package list
openSUSE Leap 42.1
openslp-2.0.0-17.1
openslp-32bit-2.0.0-17.1
openslp-devel-2.0.0-17.1
openslp-server-2.0.0-17.1
References
- E-Mail link for openSUSE-SU-2016:2712-1
- SUSE Security Ratings
Description
The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which triggers a memory allocation failure.
Affected products
openSUSE Leap 42.1:openslp-2.0.0-17.1
openSUSE Leap 42.1:openslp-32bit-2.0.0-17.1
openSUSE Leap 42.1:openslp-devel-2.0.0-17.1
openSUSE Leap 42.1:openslp-server-2.0.0-17.1
References
- CVE-2016-4912
- SUSE Bug 1074356
- SUSE Bug 980722
Description
Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string.
Affected products
openSUSE Leap 42.1:openslp-2.0.0-17.1
openSUSE Leap 42.1:openslp-32bit-2.0.0-17.1
openSUSE Leap 42.1:openslp-devel-2.0.0-17.1
openSUSE Leap 42.1:openslp-server-2.0.0-17.1
References
- CVE-2016-7567
- SUSE Bug 1001600
- SUSE Bug 1074356