logo
DATABASE RESOURCES PRICING ABOUT US

Critical: openslp

Description

**Issue Overview:** A heap-based buffer overflow was discovered in OpenSLP in the way the slpd service processes URLs in service request messages. A remote unauthenticated attacker could register a service with a specially crafted URL that, when used during a service request message, would trigger the flaw and cause the program to crash or to remotely execute code with the privileges of the slpd service.(CVE-2019-5544) **Affected Packages:** openslp **Issue Correction:** Run _yum update openslp_ to update your system. **New Packages:** aarch64:     openslp-2.0.0-8.amzn2.aarch64     openslp-server-2.0.0-8.amzn2.aarch64     openslp-devel-2.0.0-8.amzn2.aarch64     openslp-debuginfo-2.0.0-8.amzn2.aarch64 i686:     openslp-2.0.0-8.amzn2.i686     openslp-server-2.0.0-8.amzn2.i686     openslp-devel-2.0.0-8.amzn2.i686     openslp-debuginfo-2.0.0-8.amzn2.i686 src:     openslp-2.0.0-8.amzn2.src x86_64:     openslp-2.0.0-8.amzn2.x86_64     openslp-server-2.0.0-8.amzn2.x86_64     openslp-devel-2.0.0-8.amzn2.x86_64     openslp-debuginfo-2.0.0-8.amzn2.x86_64


Affected Package


OS OS Version Package Name Package Version
Amazon Linux 2 openslp 2.0.0-8.amzn2
Amazon Linux 2 openslp-server 2.0.0-8.amzn2
Amazon Linux 2 openslp-devel 2.0.0-8.amzn2
Amazon Linux 2 openslp-debuginfo 2.0.0-8.amzn2
Amazon Linux 2 openslp 2.0.0-8.amzn2
Amazon Linux 2 openslp-server 2.0.0-8.amzn2
Amazon Linux 2 openslp-devel 2.0.0-8.amzn2
Amazon Linux 2 openslp-debuginfo 2.0.0-8.amzn2
Amazon Linux 2 openslp 2.0.0-8.amzn2
Amazon Linux 2 openslp 2.0.0-8.amzn2
Amazon Linux 2 openslp-server 2.0.0-8.amzn2
Amazon Linux 2 openslp-devel 2.0.0-8.amzn2
Amazon Linux 2 openslp-debuginfo 2.0.0-8.amzn2

Related