From Mageia wiki
MGASA-2012-0227
Date: | August 18th, 2012 |
Affected releases: | 1, 2 |
Description:
Updated openslp packages fix security vulnerability:
The extension parser in slp_v2message.c in OpenSLP 1.2.1 allows remote
attackers to cause a denial of service (infinite loop) via a packet with
a "next extension offset" that references this extension or a previous
extension (CVE-2010-3609).
Updated Packages:
Mageia 1:
openslp-1.2.1-11.1.mga1
lib(64)openslp1-1.2.1-11.1.mga1
lib(64)openslp1-devel-1.2.1-11.1.mga1
Mageia 2:
openslp-1.2.1-11.1.mga2
lib(64)openslp1-1.2.1-11.1.mga2
lib(64)openslp1-devel-1.2.1-11.1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3609
http://www.ubuntu.com/usn/usn-1118-1/
https://bugs.mageia.org/show_bug.cgi?id=7081