Fedora has issued an advisory on May 31: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FGW44JV455TRJ2NZQTEP76JKMFFO2JGS/ Patched packages uploaded for Mageia 5 and Cauldron. Advisory: ======================== Updated openslp packages fix security vulnerability: A null pointer dereference vulnerability was found in function _xrealloc() in xlsp_xmalloc.c in OpenSLP. A remote attacker could potentially crash the server when large number of packets are sent (CVE-2016-4912). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4912 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FGW44JV455TRJ2NZQTEP76JKMFFO2JGS/ ======================== Updated packages in core/updates_testing: ======================== openslp-2.0.0-5.1.mga5 libslp1-2.0.0-5.1.mga5 libslp-devel-2.0.0-5.1.mga5 from openslp-2.0.0-5.1.mga5.src.rpm
Dave Since you did Bug 7081 on this, and seemed to know what it was about, could you possibly have a look at this one? Your previous test did not look onerous. I have added you to the CC list in hope. TIA
CC: (none) => davidwhodgins, lewyssmith
URL: (none) => http://lwn.net/Vulnerabilities/690416/
Using virtualbox m5 i586 and x86_64 guests for the test. In both systems, which are using 196.168.10 addresses, the hostnames/ip addresses are defined in bind, running on the host ... # cat /etc/shorewall/rules.drakx ACCEPT net:192.168.0.0/16 fw Installed openslp and ran service slpd start. Then ... # slptool findsrvs service:service-agent service:service-agent://192.168.10.117,65535 service:service-agent://192.168.10.116,65535 Same output on both guests, except order reversed. Installed the update, and confirmed output is the same. Advisory committed to svn. Validating the update.
Keywords: (none) => validated_updateWhiteboard: (none) => MGA5-64-OK MGA5-32-OK advisoryCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0222.html
Status: NEW => RESOLVEDResolution: (none) => FIXED