   openSUSE Security Update: Security update for openslp
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:2712-1
Rating:             moderate
References:         #1001600 #974655 #980722 #994989
Cross-References:   CVE-2016-4912 CVE-2016-7567
Affected Products:
                    openSUSE Leap 42.1
______________________________________________________________________________

   An update that solves two vulnerabilities and has two fixes
   is now available.

Description:

   This update for openslp fixes two security issues and two bugs.

   The following vulnerabilities were fixed:

   - CVE-2016-4912: A remote attacker could have crashed the server with a
     large number of packages (bsc#980722)
   - CVE-2016-7567: A remote attacker could cause a memory corruption
     having unspecified impact (bsc#1001600)

   The following bugfix changes are included:

   - bsc#994989: Removed convenience code, as it changes bytes in the
     message buffer, breaking the verification code
   - bsc#974655: Removed no longer needed slpd init file

   This update was imported from the SUSE:SLE-12:Update update project.

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.1:

      zypper in -t patch openSUSE-2016-1262=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE Leap 42.1 (i586 x86_64):

      openslp-2.0.0-17.1
      openslp-debuginfo-2.0.0-17.1
      openslp-debugsource-2.0.0-17.1
      openslp-devel-2.0.0-17.1
      openslp-server-2.0.0-17.1
      openslp-server-debuginfo-2.0.0-17.1

   - openSUSE Leap 42.1 (x86_64):

      openslp-32bit-2.0.0-17.1
      openslp-debuginfo-32bit-2.0.0-17.1

References:

   https://www.suse.com/security/cve/CVE-2016-4912.html
   https://www.suse.com/security/cve/CVE-2016-7567.html
   https://bugzilla.suse.com/1001600
   https://bugzilla.suse.com/974655
   https://bugzilla.suse.com/980722
   https://bugzilla.suse.com/994989