Bug 18600

Summary: openslp new security issue CVE-2016-4912
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: davidwhodgins, lewyssmith, sysadmin-bugs
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/690416/
Whiteboard: MGA5-64-OK MGA5-32-OK advisory
Source RPM: openslp-2.0.0-5.mga5.src.rpm CVE:
Status comment:

Description David Walser 2016-06-01 17:11:02 CEST 
Fedora has issued an advisory on May 31:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FGW44JV455TRJ2NZQTEP76JKMFFO2JGS/

Patched packages uploaded for Mageia 5 and Cauldron.

Advisory:
========================

Updated openslp packages fix security vulnerability:

A null pointer dereference vulnerability was found in function _xrealloc() in
xlsp_xmalloc.c in OpenSLP. A remote attacker could potentially crash the server
when large number of packets are sent (CVE-2016-4912).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4912
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FGW44JV455TRJ2NZQTEP76JKMFFO2JGS/
========================

Updated packages in core/updates_testing:
========================
openslp-2.0.0-5.1.mga5
libslp1-2.0.0-5.1.mga5
libslp-devel-2.0.0-5.1.mga5

from openslp-2.0.0-5.1.mga5.src.rpm
Comment 1 Lewis Smith 2016-06-02 09:24:02 CEST 
Dave
Since you did Bug 7081 on this, and seemed to know what it was about, could you possibly have a look at this one? Your previous test did not look onerous. I have added you to the CC list in hope.
TIA

CC: (none) => davidwhodgins, lewyssmith

David Walser 2016-06-08 21:03:29 CEST

URL: (none) => http://lwn.net/Vulnerabilities/690416/

Comment 2 Dave Hodgins 2016-06-09 20:44:47 CEST 
Using virtualbox m5 i586 and x86_64 guests for the test. In both systems,
which are using 196.168.10 addresses, the hostnames/ip addresses are defined
in bind, running on the host ...
# cat /etc/shorewall/rules.drakx 
ACCEPT  net:192.168.0.0/16 fw

Installed openslp and ran service slpd start. Then ...
# slptool findsrvs service:service-agent
service:service-agent://192.168.10.117,65535
service:service-agent://192.168.10.116,65535

Same output on both guests, except order reversed.

Installed the update, and confirmed output is the same.

Advisory committed to svn. Validating the update.

Keywords: (none) => validated_update
Whiteboard: (none) => MGA5-64-OK MGA5-32-OK advisory
CC: (none) => sysadmin-bugs

Comment 3 Mageia Robot 2016-06-10 21:06:45 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0222.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED