Description: Georgi Geshev has discovered a vulnerability in OpenSLP, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an out-of-bounds read error within the "SLPIntersectStringList()" function (common/slp_compare.c) when processing service requests and can be exploited to cause a crash via a specially crafted request. The vulnerability is confirmed in version 1.2.1. Other versions may also be affected.
Solution: No official solution is currently available.
I was going to file a separate "version bump" bug, but after finding this one, it seems more efficient to just add that information here. OpenSLP 2.0.0 was recently released (first release in more than eight years), which likely will have a solution for this problem.
I've added 2.0.0 to the tree, however I cannot test it at all, so NO KEYWORDS. Will need full re-keywording.
Debian patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=27;filename=CVE-2012-4428.patch;att=1;bug=687597
@maintainers, please patch and confirm that 2.0.0 is no longer affected. Request stabilization in this bug when ready.
@ Maintainer(s): According to https://sourceforge.net/p/openslp/mercurial/ci/34fb3aa5e6b4997fa21cb614e480de36da5dbc9a/log/?path=/openslp/common/slp_compare.c upstream has never patched the SLPContainsStringList function, which contains the vulnerability. So please pick up Debian's version and report upstream.
Strangely this issue was never addressed in 2.0.0 (not even in the upstream hg repository). I've forward-ported the patch (one chunk needed adapting since someone creatively re-arranged {brack{}ets}, one chunk isn't needed anymore since the code has been independently rewritten). Added in net-libs/openslp-2.0.0-r3.
See also: https://sourceforge.net/p/openslp/bugs/156/
Added to an existing GLSA Request.
Nothing to do for printing here anymore.
This issue was resolved and addressed in GLSA 201707-05 at https://security.gentoo.org/glsa/201707-05 by GLSA coordinator Thomas Deutschmann (whissi).