Bug 7081

Summary: openslp missing update for security issue CVE-2010-3609
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: davidwhodgins, sysadmin-bugs, tmb
Version: 2Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/417770/
Whiteboard: MGA1TOO MGA1-32-OK MGA1-64-OK has_procedure MGA2-32-OK MGA2-64-OK
Source RPM: openslp-1.2.1-11.mga1.src.rpm CVE:
Status comment:

Description David Walser 2012-08-16 18:40:39 CEST 
Ubuntu has issued an advisory on April 20, 2011:
http://www.ubuntu.com/usn/usn-1118-1/

Patched package uploaded for Mageia 1, Mageia 2, and Cauldron.

Advisory:
========================

Updated openslp packages fix security vulnerability:

The extension parser in slp_v2message.c in OpenSLP 1.2.1 allows remote
attackers to cause a denial of service (infinite loop) via a packet with
a "next extension offset" that references this extension or a previous
extension (CVE-2010-3609).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3609
http://www.ubuntu.com/usn/usn-1118-1/
========================

Updated packages in core/updates_testing:
========================
openslp-1.2.1-11.1.mga1
libopenslp1-1.2.1-11.1.mga1
libopenslp1-devel-1.2.1-11.1.mga1
openslp-1.2.1-11.1.mga2
libopenslp1-1.2.1-11.1.mga2
libopenslp1-devel-1.2.1-11.1.mga2

from SRPMS:
openslp-1.2.1-11.1.mga1.src.rpm
openslp-1.2.1-11.1.mga2.src.rpm
David Walser 2012-08-16 18:40:47 CEST

Whiteboard: (none) => MGA1TOO

Comment 1 Dave Hodgins 2012-08-16 23:50:19 CEST 
Testing complete on Mageia 1 i586 and x86-64.

No poc, so just testing that the program works.

Note: the /etc/hosts file must not contain an entry for $(hostname)
with 127.0.0.1.  Either comment out the line, and use a dns server,
or put the nic ip in the hosts file.

On 192.168.10.103, I have Mageia 1 i586.
On 192.168.10.105, I have Mageia 1 x86-64.

Both have the slpd service running.

On i586 ...
# slptool findsrvs service:service-agent
service:service-agent://192.168.10.105,65535
service:service-agent://192.168.10.103,65535

On x86-64 ...
# slptool findsrvs service:service-agent
service:service-agent://192.168.10.105,65535
service:service-agent://192.168.10.103,65535

I'll test Mageia 2 shortly.

CC: (none) => davidwhodgins
Whiteboard: MGA1TOO => MGA1TOO MGA1-32-OK MGA1-64-OK has_procedure

Comment 2 Dave Hodgins 2012-08-17 00:15:41 CEST 
Testing complete on Mageia 2 i586 and x86-64.

On Mageia 2 i586 ...
[root@i2v ~]# slptool findsrvs service:service-agent
service:service-agent://192.168.10.104,65535
service:service-agent://192.168.10.105,65535
service:service-agent://192.168.10.103,65535
service:service-agent://192.168.10.106,65535

And on Mageia 2 x86-64 ...
[root@x2v ~]# slptool findsrvs service:service-agent
service:service-agent://192.168.10.105,65535
service:service-agent://192.168.10.103,65535
service:service-agent://192.168.10.106,65535
service:service-agent://192.168.10.104,65535

Could someone from the sysadmin team push the srpm
openslp-1.2.1-11.1.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates and the srpm
openslp-1.2.1-11.1.mga1.src.rpm
from Mageia 1 Core Updates Testing to Core Updates.

Advisory: Updated openslp packages fix security vulnerability:

The extension parser in slp_v2message.c in OpenSLP 1.2.1 allows remote
attackers to cause a denial of service (infinite loop) via a packet with
a "next extension offset" that references this extension or a previous
extension (CVE-2010-3609).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3609
http://www.ubuntu.com/usn/usn-1118-1/

https://bugs.mageia.org/show_bug.cgi?id=7081

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: MGA1TOO MGA1-32-OK MGA1-64-OK has_procedure => MGA1TOO MGA1-32-OK MGA1-64-OK has_procedure MGA2-32-OK MGA2-64-OK

Comment 3 Thomas Backlund 2012-08-18 12:55:04 CEST 
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0227

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED