Debian Security Advisory
DLA-304-1 openslp-dfsg -- LTS security update
- Date Reported: 03 Sep 2015
- Affected Packages: openslp-dfsg
- Security database references:
  In the Debian bugtracking system: Bug 623551, Bug 687597, Bug 795429.
  In Mitre's CVE dictionary: CVE-2010-3609, CVE-2012-4428, CVE-2015-5177.
- More information:
Several issues have been found and fixed in OpenSLP, which implements the Internet Engineering Task Force (IETF) Service Location Protocol standard.
Remote attackers could cause a Denial of Service in the Service Location Protocol daemon (SLPD) via a crafted packet with a "next extension offset".
Georgi Geshev discovered that an out-of-bounds read error in the SLPIntersectStringList() function could be used to cause a DoS.
A double free in the SLPDProcessMessage() function could be used to cause openslp to crash.
For Debian 6 Squeeze, these problems have been fixed in openslp-dfsg version 1.2.1-7.8+deb6u1.
We recommend that you upgrade your openslp-dfsg packages.
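
A defensive walk of the "next extension offset" chain named in the first issue above, as an added example that is not OpenSLP's code or the Debian patch. It assumes the SLPv2 header and extension layout of RFC 2608; the function name `slp_count_extensions`, the forward-only policy and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* SLPv2 layout assumed from RFC 2608; offsets count from the message start. */
#define SLP_HDR_FIXED    14  /* header bytes before the language tag */
#define SLP_OFF_NEXT_EXT 7   /* 3-byte Next Ext Offset in the header */
#define SLP_OFF_LANG_LEN 12  /* 2-byte Language Tag Length */
#define SLP_EXT_HDR      5   /* 2-byte Extension ID + 3-byte Next Extension Offset */

static uint32_t be24(const uint8_t *p)
{
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2];
}

/* Count the extensions in one received message of len bytes; -1 if malformed.
 * Policy of this example: each extension must start after the header and after
 * the previous extension header, so the walk always advances and terminates. */
int slp_count_extensions(const uint8_t *msg, size_t len)
{
    if (msg == NULL || len < SLP_HDR_FIXED)
        return -1;
    size_t min_off = SLP_HDR_FIXED +
        (((size_t)msg[SLP_OFF_LANG_LEN] << 8) | msg[SLP_OFF_LANG_LEN + 1]);
    if (min_off > len)
        return -1;
    uint32_t off = be24(msg + SLP_OFF_NEXT_EXT);
    int count = 0;
    while (off != 0) {
        /* Reject self/backward references and headers that run past the end. */
        if (off < min_off || off > len - SLP_EXT_HDR)
            return -1;
        count++;
        min_off = (size_t)off + SLP_EXT_HDR;
        off = be24(msg + off + 2);  /* skip the 2-byte Extension ID */
    }
    return count;
}

int main(void)
{
    /* Constructed sample: 16-byte header, one extension at 16 (arbitrary ID). */
    uint8_t msg[21] = { 2, 1, 0, 0, 21, 0, 0, 0, 0, 16, 0, 1, 0, 2, 'e', 'n',
                        0, 2, 0, 0, 0 };
    printf("well-formed: %d\n", slp_count_extensions(msg, sizeof msg));
    msg[20] = 16;  /* next offset now refers back to the same extension */
    printf("self-referencing: %d\n", slp_count_extensions(msg, sizeof msg));
    return 0;
}
```

The forward-only rule is stricter than a bare bounds check: it bounds the walk by the message length without needing a separate iteration counter.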