You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa openslp-dfsg

Sigurnosni nedostaci programskog paketa openslp-dfsg

by Marina Dimic Vugec - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3708-1
July 09, 2018

openslp-dfsg vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

OpenSLP could be made to crash or run programs if it received specially
crafted network traffic.

Software Description:
– openslp-dfsg: Service Location Protocol library

Details:

It was discovered that OpenSLP incorrectly handled certain memory
operations. A remote attacker could use this issue to cause OpenSLP to
crash, resulting in a denial of service, or possibly execute arbitrary
code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
libslp1 1.2.1-11ubuntu0.16.04.1

Ubuntu 14.04 LTS:
libslp1 1.2.1-9ubuntu0.3

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3708-1
CVE-2017-17833, CVE-2018-12938

Package Information:
https://launchpad.net/ubuntu/+source/openslp-dfsg/1.2.1-11ubuntu0.16.04.1
https://launchpad.net/ubuntu/+source/openslp-dfsg/1.2.1-9ubuntu0.3

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAltDp0EACgkQZWnYVadE
vpNBrhAArZPoVrcOu9rgQ98XpOq5dqTD9nntYWGU3WefhJpaLj0tsz4P4no8Ktke
Y/elsI8B52mXhMwIzFd4AXLlBInifuOHymAufSIguFNkgZOs/mN5t6NStkop5tEq
p4YkOS/6qOVAIvRsM4QM2li6oKrJ4GVEUy98nPy10Y2hByOmT2PVvKE9QtFOAbWg
RdITmFsMo8hn0CZ5Aziqo8qZp7eVYeCGpZ30zPxLuUH837amrvBtlh2S4o1Y2myF
rM2rmDev5xFHVCr+7Xg0ZRBpdrc9VZE43oNgNM131YusmYk0TiOvmwvsn+iHz7cF
lpciGIT+Fx/gXYvLnkqavTtBrFj24tc6t0DZbkvFcZ/vqWeJvv2Jg5f0HEo9CBSO
9V7orDtkEI/0jgQwZmys2Wkbi6Pk6pCBSUCNTF0qTInsbYpHN9N3z93Zw7x6V8zB
PxqFlQCUDIyWyQjCPA0TNPQNmYAkp2LPGNbJdOrZ53DGniFum1fIpAK1c5osZ72N
pX8Mb7zmy5xe/p1/kaQbuhs0OJtxp2ck4lt0tn8Jgn6EmPazoc6+qTM+6VytjAka
WtaybrEM4kgz1GeqDtG/QCewrLaMoqzI3ye0WZ0dtbV0Nk44eqEjq34hws84zILo
1VUuOj+k7mLSqwyeLjli5Rok4JK7ogvXsqtObiZPiV6IC4ICI58=
=FBHZ
—–END PGP SIGNATURE—–

AutorZvonimir Bosnjak
Cert idNCERT-REF-2018-07-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Marina Dimic Vugec
Top
More in Preporuke
Sigurnosni nedostaci programske biblioteke libjpeg-turbo

Otkriveni su sigurnosni nedostaci programske biblioteke libjpeg-turbo za operacijski sustav Ubuntu. Otkriveni nedostaci potencijalnim udaljenim napadačima omogućuju izazivanje DoS stanja....

Close