logo
DATABASE RESOURCES PRICING ABOUT US

Important: openslp

Description

**Issue Overview:** A use-after-free flaw in OpenSLP 1.x and 2.x baselines was discovered in the ProcessSrvRqst function. A failure to update a local pointer may lead to heap corruption. A remote attacker may be able to leverage this flaw to gain remote code execution.(CVE-2017-17833) **Affected Packages:** openslp **Issue Correction:** Run _yum update openslp_ to update your system. **New Packages:** i686:     openslp-2.0.0-7.amzn2.i686     openslp-server-2.0.0-7.amzn2.i686     openslp-devel-2.0.0-7.amzn2.i686     openslp-debuginfo-2.0.0-7.amzn2.i686 src:     openslp-2.0.0-7.amzn2.src x86_64:     openslp-2.0.0-7.amzn2.x86_64     openslp-server-2.0.0-7.amzn2.x86_64     openslp-devel-2.0.0-7.amzn2.x86_64     openslp-debuginfo-2.0.0-7.amzn2.x86_64 ### Additional References Red Hat: [CVE-2017-17833](<https://access.redhat.com/security/cve/CVE-2017-17833>) Mitre: [CVE-2017-17833](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17833>)


Affected Package


OS OS Version Package Name Package Version
Amazon Linux 2 openslp 2.0.0-7.amzn2
Amazon Linux 2 openslp-server 2.0.0-7.amzn2
Amazon Linux 2 openslp-devel 2.0.0-7.amzn2
Amazon Linux 2 openslp-debuginfo 2.0.0-7.amzn2
Amazon Linux 2 openslp 2.0.0-7.amzn2
Amazon Linux 2 openslp 2.0.0-7.amzn2
Amazon Linux 2 openslp-server 2.0.0-7.amzn2
Amazon Linux 2 openslp-devel 2.0.0-7.amzn2
Amazon Linux 2 openslp-debuginfo 2.0.0-7.amzn2

Related