From the US-CERT Vulnerability Note at http://www.kb.cert.org/vuls/id/393783:
Service Location Protocol is an IETF standards track protocol that provides a framework to allow networking applications to discover the existence, location, and configuration of networked services in enterprise networks. The OpenSLP project is an effort to develop an open-source implementation of Service Location Protocol. When OpenSLP parses a SLP packet containing malformed extensions the extensions parser will enter an infinite loop causing a denial-of-service condition.
If an attacker creates a packet containing a "next extension offset" pointing to itself or to a previous extension, the extension's parser will enter an infinite loop consuming 100% of the CPU.
A remote unauthenticated attacker may be able to create a denial-of-service condition.
The upstream fix is at $URL.
This applies to openslp-2.0.0_betaXXX (not sure), which we dont even have in portage yet.
The patched file is not present in our openslp-1.2.1.
No 2.0.0 release has been made so far.
Ok, thank you. Resolving this as INVALID.
*** Bug 560694 has been marked as a duplicate of this bug. ***
Re-opening, affected version is now in repository.
(In reply to Thomas Deutschmann from comment #4)
> Re-opening, affected version is now in repository.
We never had an affected version. This was fixed already in the 2.0.0 release.
Nothing to do here.
(In reply to Andreas K. Hüttel from comment #5)
> (In reply to Thomas Deutschmann from comment #4)
> > Re-opening, affected version is now in repository.
> We never had an affected version. This was fixed already in the 2.0.0
> Nothing to do here.
On x86 arch (stable):
> # emerge -p net-libs/openslp
> These are the packages that would be merged, in order:
> Calculating dependencies... done!
> [ebuild N ] net-libs/openslp-1.2.1-r3::gentoo 866 KiB
> I think the openslp package versions, as shipped with Fedora release
> of 13 and 14, and as present within EPEL-5 repository is affected by this
> flaw too (just the particular code doesn't live in slp_v2message.c as in
> upstream v2.0.beta1 openslp version, but rather in slp_message.c and
> particular affected routine is called:
> 868 int ParseExtension(SLPBuffer buffer, SLPMessage message)
> in Fedora's / EPEL's openslp v1.2.1 upstream based versions).
> So under my opinion, the proposed upstream patch from above comment
> should be backported to address this issue in these versions too.
So we either need to backport the fix to our 1.2.1 version or stabilize =net-libs/openslp-2.0.0-r4 for example.
Added to an existing GLSA Request.
Nothing to do for printing here anymore.
This issue was resolved and addressed in
GLSA 201707-05 at https://security.gentoo.org/glsa/201707-05
by GLSA coordinator Thomas Deutschmann (whissi).