Overview

File _patchinfo of Package patchinfo.6401

<patchinfo incident="6401">
  <issue id="994989" tracker="bnc">openslp doesn't work with net.slp.securityEnabled=true</issue>
  <issue id="980722" tracker="bnc">VUL-1: CVE-2016-4912: openslp: null pointer dereference in _xrealloc() function</issue>
  <issue id="974655" tracker="bnc">openslp: there's not need to ship /etc/init/slpd anymore</issue>
  <issue id="1001600" tracker="bnc">VUL-0: CVE-2016-7567: openslp: OpenSLP Memory Corruption in SLPFoldWhiteSpace</issue>
  <issue id="2016-4912" tracker="cve" />
  <issue id="2016-7567" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>mlschroe</packager>
  <description>This update for openslp fixes two security issues and two bugs.

The following vulnerabilities were fixed:

- CVE-2016-4912: A remote attacker could have crashed the server with a large
  number of packages (bsc#980722)
- CVE-2016-7567: A remote attacker could cause a memory corruption having
  unspecified impact (bsc#1001600)

The following bugfix changes are included:

- bsc#994989: Removed convenience code as changes bytes in the message buffer
  breaking the verification code
- bsc#974655: Removed no longer needed slpd init file
</description>
  <summary>Security update for openslp</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places