Debian Security Advisory
DLA-2025-1 openslp-dfsg -- LTS security update
- Date Reported:
- 08 Dec 2019
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2017-17833, CVE-2019-5544.
- More information:
The OpenSLP package had two open security issues, as described.
OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the critical severity range.
For Debian 8
Jessie, these problems have been fixed in version 1.2.1-10+deb8u2.
We recommend that you upgrade your openslp-dfsg packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS