Overview

File _patchinfo of Package patchinfo.6683

<patchinfo incident="6683">
  <issue id="1034574" tracker="bnc">VUL-0: CVE-2016-10324: libosip2: In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap bufferoverflow in the osi...</issue>
  <issue id="1034571" tracker="bnc">VUL-0: CVE-2016-10326: libosip2: In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap bufferoverflow in the osi...</issue>
  <issue id="1034570" tracker="bnc">VUL-0: CVE-2017-7853: libosip2: In libosip2 in GNU oSIP 5.0.0, a malformed SIP message can lead to a heap bufferoverflow in the msg...</issue>
  <issue id="1034572" tracker="bnc">VUL-0: CVE-2016-10325: libosip2: In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap bufferoverflow in the _os...</issue>
  <issue id="2016-10326" tracker="cve" />
  <issue id="2016-10324" tracker="cve" />
  <issue id="2016-10325" tracker="cve" />
  <issue id="2017-7853" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>oertel</packager>
  <description>
This update for libosip2 fixes the following issues:

Changes in libosip2:

- CVE-2017-7853: In libosip2 in GNU 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS. (boo#1034570)
- CVE-2016-10326: In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS. (boo#1034571)
- CVE-2016-10325: In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS. (boo#1034572)
- CVE-2016-10324: In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c. (boo#1034574)
</description>
  <summary>Security update for libosip2</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places