UbuntuUpdates.org

Package "openslp-dfsg"

Name: openslp-dfsg

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • OpenSLP Server (slpd)
  • SLP command line tool

Latest version: 1.2.1-9ubuntu0.3
Release: trusty (14.04)
Level: updates
Repository: universe

Links



Other versions of "openslp-dfsg" in Trusty

Repository Area Version
security universe 1.2.1-9ubuntu0.3
security main 1.2.1-9ubuntu0.3
updates main 1.2.1-9ubuntu0.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.2.1-9ubuntu0.3 2018-07-09 19:07:02 UTC

  openslp-dfsg (1.2.1-9ubuntu0.3) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS or code exec via double-free
    - debian/patches/CVE-2017-17833.patch: fix up local copy of pointer in
      slpd/slpd_process.c.
    - CVE-2017-17833
    - CVE-2018-12938

 -- Marc Deslauriers <email address hidden> Fri, 06 Jul 2018 13:25:51 -0400

Source diff to previous version
CVE-2017-17833 OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or
CVE-2018-12938 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-17833. Reason: This candidate is a duplicate of CVE-2017-17833. Notes: All CV

Version: 1.2.1-9ubuntu0.2 2015-09-03 18:13:41 UTC

  openslp-dfsg (1.2.1-9ubuntu0.2) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via out-of-bounds buffer access
    - debian/patches/CVE-2012-4428.patch: fix handling of string-list in
      common/slp_compare.c
    - CVE-2012-4428
  * SECURITY UPDATE: denial of service via double free flaw
    - debian/patches/CVE-2015-5177.patch: fix double free if
      SLPDKnownDAAdd() fails in slpd/slpd_knownda.c.
    - CVE-2015-5177
  * debian/preinst, debian/postinst: removed as they weren't needed and
    were causing package to be uninstallable on trusty.

 -- Marc Deslauriers Fri, 28 Aug 2015 15:51:20 -0400

CVE-2015-5177 double free in SLPDProcessMessage()



About   -   Send Feedback to @ubuntu_updates