From Mageia wiki
Jump to: navigation, search

MGASA-2012-0227

Date: August 18th, 2012
Affected releases: 1, 2


Description:
Updated openslp packages fix security vulnerability:

The extension parser in slp_v2message.c in OpenSLP 1.2.1 allows remote
attackers to cause a denial of service (infinite loop) via a packet with
a "next extension offset" that references this extension or a previous
extension (CVE-2010-3609).


Updated Packages:
Mageia 1:
openslp-1.2.1-11.1.mga1
lib(64)openslp1-1.2.1-11.1.mga1
lib(64)openslp1-devel-1.2.1-11.1.mga1

Mageia 2:
openslp-1.2.1-11.1.mga2
lib(64)openslp1-1.2.1-11.1.mga2
lib(64)openslp1-devel-1.2.1-11.1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3609
http://www.ubuntu.com/usn/usn-1118-1/
https://bugs.mageia.org/show_bug.cgi?id=7081