Package        : openslp-dfsg
Version        : 1.2.1-7.8+deb6u1
CVE ID         : CVE-2010-3609 CVE-2012-4428 CVE-2015-5177
Debian Bug     : 623551 687597 795429

Several issues have been found and fixed in OpenSLP, which implements the
Internet Engineering Task Force (IETF) Service Location Protocol standard.

CVE-2010-3609

    Remote attackers could cause a Denial of Service in the Service
    Location Protocol daemon (SLPD) via a crafted packet with a "next
    extension offset".

CVE-2012-4428

    Georgi Geshev discovered that an out-of-bounds read error in the
    SLPIntersectStringList() function could be used to cause a DoS.

CVE-2015-5177

    A double free in the SLPDProcessMessage() function could be used to
    cause openslp to crash.

For Debian 6 "Squeeze", these problems have been fixed in openslp-dfsg
version 1.2.1-7.8+deb6u1.

We recommend that you upgrade your openslp-dfsg packages.

Learn more about the Debian Long Term Support (LTS) Project and how to
apply these updates at: https://wiki.debian.org/LTS/