The SUSE Security Team reviewed critical parts of the OpenSLP package, an open source implementation of the Service Location Protocol (SLP). SLP is used by desktops to locate services such as printers and by servers to announce their services. During the audit, various buffer overflows and out-of-bounds memory accesses were fixed; remote attackers can trigger them by sending malformed SLP packets.
There is no easy workaround other than shutting down slpd and no longer using the clients involved.
OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
openSUSE | 9.2 | x86_64 | openslp | < 1.1.5-80.4 | openslp-1.1.5-80.4.x86_64.rpm |
openSUSE | 9.1 | i586 | openslp-devel | < 1.1.5-73.15 | openslp-devel-1.1.5-73.15.i586.rpm |
openSUSE | 9.1 | x86_64 | openslp-devel | < 1.1.5-73.15 | openslp-devel-1.1.5-73.15.x86_64.rpm |
openSUSE | 9.2 | x86_64 | openslp-devel | < 1.1.5-80.4 | openslp-devel-1.1.5-80.4.x86_64.rpm |
openSUSE | 9.1 | i586 | openslp | < 1.1.5-73.15 | openslp-1.1.5-73.15.i586.rpm |
openSUSE | 9.1 | i586 | openslp-server | < 1.1.5-73.15 | openslp-server-1.1.5-73.15.i586.rpm |
openSUSE | 9.2 | i586 | openslp-devel | < 1.1.5-80.4 | openslp-devel-1.1.5-80.4.i586.rpm |
openSUSE | 9.2 | i586 | openslp | < 1.1.5-80.4 | openslp-1.1.5-80.4.i586.rpm |
openSUSE | 9.2 | i586 | openslp-server | < 1.1.5-80.4 | openslp-server-1.1.5-80.4.i586.rpm |
openSUSE | 9.1 | x86_64 | openslp | < 1.1.5-73.15 | openslp-1.1.5-73.15.x86_64.rpm |
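
To check a fleet against the table above, the following added example (not part of the original advisory) flags hosts whose installed OpenSLP packages predate the fixed builds. The function names and the host inventory are hypothetical; the comparison is a simplified segment-wise ordering in the style of rpm's version comparison that ignores epochs and tilde/caret markers.

```python
import re

# Fixed builds per openSUSE release, taken from the advisory table.
FIXED = {"9.1": "1.1.5-73.15", "9.2": "1.1.5-80.4"}
PACKAGES = {"openslp", "openslp-devel", "openslp-server"}

def _segments(part):
    # Runs of digits or letters; separators such as '.' are ignored.
    return re.findall(r"\d+|[A-Za-z]+", part)

def _cmp_part(a, b):
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric compare: 10 is newer than 4
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with more segments is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def compare_vr(a, b):
    """Compare two 'version-release' strings; returns -1, 0 or 1."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return _cmp_part(va, vb) or _cmp_part(ra, rb)

def is_vulnerable(os_version, package, installed_vr):
    """True if the installed build is older than the fixed build."""
    if os_version not in FIXED or package not in PACKAGES:
        raise ValueError(f"not covered by the advisory: {os_version} {package}")
    return compare_vr(installed_vr, FIXED[os_version]) < 0

def audit(inventory):
    """Return (host, package, installed, fixed) for every vulnerable entry."""
    return [(h, p, v, FIXED[o]) for h, o, p, v in inventory
            if is_vulnerable(o, p, v)]

# Constructed sample inventory: (host, OS version, package, version-release),
# e.g. as collected with: rpm -q --qf '%{VERSION}-%{RELEASE}' openslp
INVENTORY = [
    ("host-a", "9.1", "openslp-server", "1.1.5-73.9"),
    ("host-b", "9.1", "openslp", "1.1.5-73.15"),
    ("host-c", "9.2", "openslp", "1.1.5-80.2"),
    ("host-d", "9.2", "openslp-devel", "1.1.5-80.10"),
]

if __name__ == "__main__":
    for host, pkg, have, need in audit(INVENTORY):
        print(f"{host}: {pkg} {have} is older than fixed build {need}")
```

The `host-d` entry shows why a plain string comparison is not enough: `80.10` sorts before `80.4` as text but is the newer release.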