Security update for openslp
This update for openslp fixes two security issues and two bugs.
The following vulnerabilities were fixed:
- CVE-2016-4912: A remote attacker could have crashed the server with a large number of packages (bsc#980722)
- CVE-2016-7567: A remote attacker could cause a memory corruption having unspecified impact (bsc#1001600)
The following bugfix changes are included:
- bsc#994989: Removed convenience code as changes bytes in the message buffer breaking the verification code
- bsc#974655: Removed no longer needed slpd init file
This update was imported from the SUSE:SLE-12:Update update project.
-
Submitted by
Michael Schröder (mlschroe)
Fixed bugs
bnc#994989
openslp doesn't work with net.slp.securityEnabled=true
bnc#980722
VUL-1: CVE-2016-4912: openslp: null pointer dereference in _xrealloc() function
bnc#974655
openslp: there's not need to ship /etc/init/slpd anymore
bnc#1001600
VUL-0: CVE-2016-7567: openslp: OpenSLP Memory Corruption in SLPFoldWhiteSpace
