-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.4580
                       openslp-dfsg security update
                              9 December 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           openslp-dfsg
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-5544 CVE-2017-17833 

Reference:         ESB-2018.1994
                   ESB-2018.1292

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2019/12/msg00007.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : openslp-dfsg
Version        : 1.2.1-10+deb8u2
CVE IDs        : CVE-2017-17833 CVE-2019-5544


The OpenSLP package had two open security issues:

CVE-2017-17833

    OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related
    memory corruption issue which may manifest itself as a denial-of-service
    or a remote code-execution vulnerability.

CVE-2019-5544

    OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap
    overwrite issue. VMware has evaluated the severity of this issue to be in
    the critical severity range.

For Debian 8 "Jessie", these problems have been fixed in version
1.2.1-10+deb8u2. This upload was prepared by Utkarsh Gupta
<guptautkarsh2102@gmail.com>.

We recommend that you upgrade your openslp-dfsg packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Regards,

- - -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----