SUSE Security Team has reported some vulnerabilities in OpenSLP, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerabilities are caused due to various boundary errors and can be exploited to cause buffer overflows via specially crafted SLP packets.
Successful exploitation may allow execution of arbitrary code.
Update to version 1.2.1.
Provided and/or discovered by:
SUSE Security Team
*** Bug 83685 has been marked as a duplicate of this bug. ***
No metadata for this package. liquidx, you have bumped this package in the past. Please update to 1.2.1.
updated to 1.2.1 and stable for x86. added metadata.xml as well.
Arches, please test and mark stable
Stable on ppc.
stable on ppc64
Stable on alpha.
Stable on mips.
openslp 1.2.1 fails for me in src_test, i.e. with FEATURES="maketest" enabled:
not stable on amd64 for the moment, what to do about that?
Neither the version of net-libs/openslp in the tree nor SUSE's openslp-1.1.5 pass make check on amd64. I masked the slp USE flag and package.mask'ed net-libs/openslp for all amd64 profiles. All openslp packages are now marked "-amd64" as well.
err, actually the tests fail on x86 as well. i don't run with maketest because too many packages have broken tests anyway. i'm disabling the tests for both 1.0.11 and 1.2.1, so you can mark amd64 back on those if you like.
If it works and the tests incorrectly report failure, then maybe it could be marked amd64-stable as in "doesn't work worse than what was the latest stable version before"...
Other option: we can list amd64 as not having any fix for this and advise amd64 users to remove the package. amd64 team, your choice.
stable on amd64, where the tests are disabled =)
arm/hppa/ia64/s390 should mark stable to benefit from GLSA
Stable on hppa