Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 662878 (CVE-2017-17833, CVE-2019-5544) - net-libs/openslp: Multiple vulnerabilities (CVE-2017-17833, CVE-2019-5544)
Summary: net-libs/openslp: Multiple vulnerabilities (CVE-2017-17833, CVE-2019-5544)
Status: RESOLVED FIXED
Alias: CVE-2017-17833, CVE-2019-5544
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Deadline: 2019-11-05
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa+ cve]
Keywords: PATCH, PMASKED
: CVE-2018-12938 (view as bug list)
Depends on:
Blocks:
 
Reported: 2018-08-05 22:06 UTC by GLSAMaker/CVETool Bot
Modified: 2020-05-15 14:40 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2018-08-05 22:06:34 UTC
CVE-2017-17833 (https://nvd.nist.gov/vuln/detail/CVE-2017-17833):
  OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related
  memory corruption issue which may manifest itself as a denial-of-service or
  a remote code-execution vulnerability.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2018-08-05 22:08:28 UTC
Upstream patch: https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2019-04-27 00:05:38 UTC
*** Bug 659558 has been marked as a duplicate of this bug. ***
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2019-04-27 00:06:00 UTC
Maintainers, 
Red Hat has this fixed in openslp-2.0.0-7 
Debian in 1.2.1-9

Please advise if this is fixed and in tree already.
Comment 4 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2019-10-05 07:36:29 UTC
It is not.  I'm going to treeclean it.
Comment 5 Larry the Git Cow gentoo-dev 2019-10-05 07:42:03 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0a5266f0c7fd9cb7c9c8c6fad432a4bac21e8466

commit 0a5266f0c7fd9cb7c9c8c6fad432a4bac21e8466
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2019-10-05 07:41:18 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2019-10-05 07:41:28 +0000

    package.mask: Last rite net-libs/openslp
    
    Bug: https://bugs.gentoo.org/662878
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 profiles/base/package.use.mask | 6 ++++++
 profiles/package.mask          | 6 ++++++
 2 files changed, 12 insertions(+)
Comment 6 Larry the Git Cow gentoo-dev 2019-11-05 22:36:19 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae1e24fcf7e40e90f37be07085a1743127d4f4cf

commit ae1e24fcf7e40e90f37be07085a1743127d4f4cf
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2019-11-05 22:34:37 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2019-11-05 22:34:43 +0000

    net-libs/openslp: Remove last-rited pkg
    
    Bug: https://bugs.gentoo.org/662878
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 net-libs/openslp/Manifest                          |   2 -
 net-libs/openslp/files/openslp-1.2.1-cflags.patch  |  11 -
 net-libs/openslp/files/openslp-1.2.1-fbsd.patch    |  12 -
 .../openslp/files/openslp-1.2.1-fixoverflow.patch  |  11 -
 .../files/openslp-2.0.0-CVE-2012-4428.patch        |  51 --
 .../files/openslp-2.0.0-CVE-2016-4912.patch        |  15 -
 .../files/openslp-2.0.0-CVE-2016-7567.patch        |  94 ---
 net-libs/openslp/files/openslp-2.0.0-cflags.patch  |  25 -
 .../openslp/files/openslp-2.0.0-namespace.patch    | 773 ---------------------
 net-libs/openslp/files/slpd-init                   |  88 ---
 net-libs/openslp/files/slpd.service                |  10 -
 net-libs/openslp/metadata.xml                      |  11 -
 net-libs/openslp/openslp-1.2.1-r3.ebuild           |  43 --
 net-libs/openslp/openslp-2.0.0-r4.ebuild           |  43 --
 net-libs/openslp/openslp-2.0.0-r5.ebuild           |  44 --
 profiles/package.mask                              |   6 -
 16 files changed, 1239 deletions(-)
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-05-15 14:40:00 UTC
https://security.gentoo.org/glsa/202005-12