===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.4580
                       openslp-dfsg security update
                              9 December 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           openslp-dfsg
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-5544 CVE-2017-17833

Reference:         ESB-2018.1994
                   ESB-2018.1292

Original Bulletin:
   https://lists.debian.org/debian-lts-announce/2019/12/msg00007.html

--------------------------BEGIN INCLUDED TEXT--------------------

Package        : openslp-dfsg
Version        : 1.2.1-10+deb8u2
CVE IDs        : CVE-2017-17833 CVE-2019-5544

The OpenSLP package had two open security issues:

CVE-2017-17833

    OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a
    heap-related memory corruption issue which may manifest itself as a
    denial-of-service or a remote code-execution vulnerability.

CVE-2019-5544

    OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap
    overwrite issue. VMware has evaluated the severity of this issue to
    be in the critical severity range.

For Debian 8 "Jessie", these problems have been fixed in version
1.2.1-10+deb8u2. This upload was prepared by Utkarsh Gupta
<guptautkarsh2102@gmail.com>.

We recommend that you upgrade your openslp-dfsg packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Regards,

-- 
Chris Lamb
lamby@debian.org / chris-lamb.co.uk

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================