Bug 18600 - openslp new security issue CVE-2016-4912
Summary: openslp new security issue CVE-2016-4912
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/690416/
Whiteboard: MGA5-64-OK MGA5-32-OK advisory
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2016-06-01 17:11 CEST by David Walser
Modified: 2016-06-10 21:06 CEST

See Also:
Source RPM: openslp-2.0.0-5.mga5.src.rpm
CVE:
Status comment:


Description David Walser 2016-06-01 17:11:02 CEST
Fedora has issued an advisory on May 31:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FGW44JV455TRJ2NZQTEP76JKMFFO2JGS/

Patched packages uploaded for Mageia 5 and Cauldron.

Advisory:
========================

Updated openslp packages fix security vulnerability:

A null pointer dereference vulnerability was found in function _xrealloc() in
xlsp_xmalloc.c in OpenSLP. A remote attacker could potentially crash the server
when a large number of packets are sent (CVE-2016-4912).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4912
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FGW44JV455TRJ2NZQTEP76JKMFFO2JGS/
========================

Updated packages in core/updates_testing:
========================
openslp-2.0.0-5.1.mga5
libslp1-2.0.0-5.1.mga5
libslp-devel-2.0.0-5.1.mga5

from openslp-2.0.0-5.1.mga5.src.rpm
Comment 1 Lewis Smith 2016-06-02 09:24:02 CEST
Dave
Since you did Bug 7081 on this, and seemed to know what it was about, could you possibly have a look at this one? Your previous test did not look onerous. I have added you to the CC list in hope.
TIA

CC: (none) => davidwhodgins, lewyssmith

David Walser 2016-06-08 21:03:29 CEST

URL: (none) => http://lwn.net/Vulnerabilities/690416/

Comment 2 Dave Hodgins 2016-06-09 20:44:47 CEST
Using virtualbox m5 i586 and x86_64 guests for the test. In both systems,
which are using 196.168.10 addresses, the hostnames/ip addresses are defined
in bind, running on the host ...
# cat /etc/shorewall/rules.drakx 
ACCEPT  net:192.168.0.0/16 fw

Installed openslp and ran service slpd start. Then ...
# slptool findsrvs service:service-agent
service:service-agent://192.168.10.117,65535
service:service-agent://192.168.10.116,65535

Same output on both guests, except order reversed.

Installed the update, and confirmed output is the same.

Advisory committed to svn. Validating the update.

Keywords: (none) => validated_update
Whiteboard: (none) => MGA5-64-OK MGA5-32-OK advisory
CC: (none) => sysadmin-bugs

Comment 3 Mageia Robot 2016-06-10 21:06:45 CEST
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0222.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

