openslp-2.0.0-4.AXS4

エラータID: AXSA:2020-049:01

Release date: 
Monday, May 4, 2020 - 15:00
Subject: 
openslp-2.0.0-4.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

OpenSLP is an open source implementation of the Service Location Protocol (SLP)
which is an Internet Engineering Task Force (IETF) standards track protocol and
provides a framework to allow networking applications to discover the existence,
location, and configuration of networked services in enterprise networks.

Security Fix(es):

openslp: Heap-based buffer overflow in ProcessSrvRqst() in slpd_process.c
leading to remote code execution (CVE-2019-5544)

CVE-2019-5544
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite
issue. VMware has evaluated the severity of this issue to be in the Critical
severity range with a maximum CVSSv3 base score of 9.8.

Solution: 

Update packages.

CVEs: 
CVE-2019-5544
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
Additional Info: 

N/A

Download: 

SRPMS
  1. openslp-2.0.0-4.AXS4.src.rpm
    MD5: fb8756779d5adac8eaa48e661b96343e
    SHA-256: 49bec7c033f50d4333806bbd5e1f79831d5f78d9cc707651abcf8af91b2339d8
    Size: 5.13 MB

Asianux Server 4 for x86
  1. openslp-2.0.0-4.AXS4.i686.rpm
    MD5: 2f8397b4eaf9de48bb2ed71d069d025c
    SHA-256: 9e9773f4fcd4f8da4c66268cb319abba81c6620429e754b8e0a443ac14bfbf27
    Size: 326.58 kB

Asianux Server 4 for x86_64
  1. openslp-2.0.0-4.AXS4.x86_64.rpm
    MD5: 92e8ae5cf7e9f212753667d7ec8984e0
    SHA-256: 7f05b1c94cfffae8cd05c792b3c1215280e11ee87320c19535eb95feda121557
    Size: 325.00 kB
  2. openslp-2.0.0-4.AXS4.i686.rpm
    MD5: 2f8397b4eaf9de48bb2ed71d069d025c
    SHA-256: 9e9773f4fcd4f8da4c66268cb319abba81c6620429e754b8e0a443ac14bfbf27
    Size: 326.58 kB