Bug#: 85347
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Luke Macken (RETIRED) <lewk@gentoo.org>

Opened: 2005-03-15 07:18 0000
Description:
SUSE Security Team has reported some vulnerabilities in OpenSLP, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerabilities are caused due to various boundary errors and can be exploited to cause buffer overflows via specially crafted SLP packets.

Successful exploitation may allow execution of arbitrary code.

Solution:
Update to version 1.2.1.
http://sourceforge.net/project/showfiles.php?group_id=1730

Provided and/or discovered by:
SUSE Security Team

Original Advisory:
http://www.novell.com/linux/security/advisories/2005_15_openslp.html

------- Comment #1 From Luke Macken (RETIRED) 2005-03-15 07:20:36 0000 -------
*** Bug 83685 has been marked as a duplicate of this bug. ***

------- Comment #2 From Luke Macken (RETIRED) 2005-03-15 07:28:53 0000 -------
No metadata for this package.  liquidx, you have bumped this package in the
past.  Please update to 1.2.1.

------- Comment #3 From Alastair Tse (RETIRED) 2005-03-16 01:38:59 0000 -------
updated to 1.2.1 and stable for x86. added metadata.xml as well.

------- Comment #4 From Thierry Carrez (RETIRED) 2005-03-16 01:46:56 0000 -------
Arches, please test and mark stable

------- Comment #5 From Michael Hanselmann (hansmi) (RETIRED) 2005-03-16 10:27:04 0000 -------
Stable on ppc.

------- Comment #6 From Markus Rothe 2005-03-16 11:45:18 0000 -------
stable on ppc64

------- Comment #7 From Bryan Østergaard (RETIRED) 2005-03-16 14:23:56 0000 -------
Stable on alpha.

------- Comment #8 From Hardave Riar (RETIRED) 2005-03-17 01:42:32 0000 -------
Stable on mips.

------- Comment #9 From Gustavo Zacarias (RETIRED) 2005-03-17 07:31:22 0000 -------
sparc stable.

------- Comment #10 From Jan Brinkmann (RETIRED) 2005-03-17 11:23:55 0000 -------
openslp 1.2.1 fails for me in src_test, i.e. with FEATURES="maketest" enabled:

http://dev.gentoo.org/~luckyduck/misc/openslp-maketest.txt

not stable on amd64 for the moment, what to do about that?

------- Comment #11 From Danny van Dyk (RETIRED) 2005-03-17 20:45:14 0000 -------
Neither the version of net-libs/openslp in the tree nor SUSE's openslp-1.1.5
pass make check on amd64. I masked the slp USE flag and package.mask'ed
net-libs/openslp for all amd64 profiles. All openslp packages are now marked
"-amd64" as well.

------- Comment #12 From Alastair Tse (RETIRED) 2005-03-18 03:42:16 0000 -------
err, actually the tests fail on x86 as well. i don't run with maketest because
too many packages have broken tests anyway. i'm disabling the tests for both
1.0.11 and 1.2.1, so you can mark amd64 back on those if you like.

------- Comment #13 From Thierry Carrez (RETIRED) 2005-03-20 06:43:16 0000 -------
If it works and the tests incorrectly report failure, then maybe it could be
marked amd64-stable as in "doesn't work worse than what was the latest stable
version before"...

Other option: we can list amd64 as not having any fix for this and advise amd64
users to remove the package. amd64 team, your choice.

------- Comment #14 From Jan Brinkmann (RETIRED) 2005-03-20 07:22:11 0000 -------
stable on amd64, where the tests are disabled =)

------- Comment #15 From Thierry Carrez (RETIRED) 2005-03-20 13:44:32 0000 -------
GLSA 200503-25
arm/hppa/ia64/s390 should mark stable to benefit from GLSA

------- Comment #16 From René Nussbaumer 2005-06-26 06:54:39 0000 -------
Stable on hppa
