remote code execution in openwsman

2008-08-14T18:02:43
ID SUSE-SA:2008:041
Type suse
Reporter Suse
Modified 2008-08-14T18:02:43

Description

The openwsman project provides an implementation of the Web Service Management specification. The SuSE Security-Team has found two critical issues in the code: - two remote buffer overflows while decoding the HTTP basic authentication header (CVE-2008-2234) - a possible SSL session replay attack affecting the client (depending on the configuration) (CVE-2008-2233) Both issues were fixed.

Solution

Please install the fixed package.