openslp-2.0.0-3.AXS4

エラータID: AXSA:2018-3270:01

Release date: 
Wednesday, August 1, 2018 - 00:49
Subject: 
openslp-2.0.0-3.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

OpenSLP is an open source implementation of the Service Location Protocol (SLP) which is an Internet Engineering Task Force (IETF) standards track protocol and provides a framework to allow networking applications to discover the existence, location, and configuration of networked services in enterprise networks.

Security Fix(es):

* openslp: Heap memory corruption in slpd/slpd_process.c allows denial of service or potentially code execution (CVE-2017-17833)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2017-17833
OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. openslp-2.0.0-3.AXS4.src.rpm
    MD5: 67aed987747db67bf5a58301739e1a61
    SHA-256: 541c6f5d6c8e6fe64bead872a6690347ea308e742e8fdb17346e324355c0cb40
    Size: 5.12 MB

Asianux Server 4 for x86
  1. openslp-2.0.0-3.AXS4.i686.rpm
    MD5: 4f5b5ccf161329c71a584081ec465d66
    SHA-256: bd50449faa30eeafef4b6784742dad46e013af383b70d5604d7ffb1405fbb3a0
    Size: 326.38 kB

Asianux Server 4 for x86_64
  1. openslp-2.0.0-3.AXS4.x86_64.rpm
    MD5: 0bf78669170e58abb7edde5401dbb882
    SHA-256: ac856aba4626da6d25a70bd73e090279c764aab72a839f402f340cecfb2f3be3
    Size: 324.78 kB
  2. openslp-2.0.0-3.AXS4.i686.rpm
    MD5: 4f5b5ccf161329c71a584081ec465d66
    SHA-256: bd50449faa30eeafef4b6784742dad46e013af383b70d5604d7ffb1405fbb3a0
    Size: 326.38 kB