openSUSE Security Update: Security update for openslp
______________________________________________________________________________
Announcement ID:    openSUSE-SU-2016:2712-1
Rating:             moderate
References:         #1001600 #974655 #980722 #994989
Cross-References:   CVE-2016-4912 CVE-2016-7567
Affected Products:  openSUSE Leap 42.1
______________________________________________________________________________
An update that solves two vulnerabilities and has two fixes is now available.
Description:
This update for openslp fixes two security issues and two bugs.
The following vulnerabilities were fixed:
- CVE-2016-4912: A remote attacker could have crashed the server with a large number of packets (bsc#980722)
- CVE-2016-7567: A remote attacker could cause a memory corruption having unspecified impact (bsc#1001600)
The following bugfix changes are included:
- bsc#994989: Removed convenience code, as it changes bytes in the message buffer, breaking the verification code
- bsc#974655: Removed no longer needed slpd init file
This update was imported from the SUSE:SLE-12:Update update project.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- openSUSE Leap 42.1:
zypper in -t patch openSUSE-2016-1262=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.1 (i586 x86_64):
openslp-2.0.0-17.1
openslp-debuginfo-2.0.0-17.1
openslp-debugsource-2.0.0-17.1
openslp-devel-2.0.0-17.1
openslp-server-2.0.0-17.1
openslp-server-debuginfo-2.0.0-17.1
- openSUSE Leap 42.1 (x86_64):
openslp-32bit-2.0.0-17.1
openslp-debuginfo-32bit-2.0.0-17.1
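An added example, not part of the original announcement: a check that the openslp packages on a host are at or above the fixed version-release 2.0.0-17.1 listed above. It assumes input in the form printed by `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`, uses a simplified version comparison (no epoch, `~` or `^` handling), and the sample lines are constructed.

```python
import re

# Fixed version-release and package names, taken from the advisory's package list.
FIXED = "2.0.0-17.1"
PACKAGES = {
    "openslp", "openslp-debuginfo", "openslp-debugsource", "openslp-devel",
    "openslp-server", "openslp-server-debuginfo",
    "openslp-32bit", "openslp-debuginfo-32bit",
}

def rpmvercmp(a, b):
    """Simplified rpm-style segment compare (assumption: no epoch, '~' or '^')."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):              # numeric compare, so 9 < 17
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        elif x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, _, ra = a.rpartition("-")
    vb, _, rb = b.rpartition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def audit(rpm_output):
    """Map each installed advisory package to 'patched' or 'outdated'."""
    status = {}
    for line in rpm_output.splitlines():
        parts = line.split()
        if len(parts) != 2 or parts[0] not in PACKAGES:
            continue                          # unrelated package or malformed line
        name, evr = parts
        status[name] = "patched" if evr_cmp(evr, FIXED) >= 0 else "outdated"
    return status

# Constructed sample of "name version-release" lines, not from a real host.
SAMPLE = """openslp 2.0.0-14.1
openslp-server 2.0.0-17.1
openslp-devel 2.0.0-17.3.1
bash 4.2-82.1
"""

if __name__ == "__main__":
    for pkg, state in sorted(audit(SAMPLE).items()):
        print(f"{pkg}: {state}")
```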
References:
https://www.suse.com/security/cve/CVE-2016-4912.html
https://www.suse.com/security/cve/CVE-2016-7567.html
https://bugzilla.suse.com/1001600
https://bugzilla.suse.com/974655
https://bugzilla.suse.com/980722
https://bugzilla.suse.com/994989