[USN-1118-1] OpenSLP vulnerability
--=-MuawWQ2IlLd5+FU36iiU
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Ubuntu Security Notice USN-1118-1
April 20, 2011
openslp, openslp-dfsg vulnerability
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 9.10
- Ubuntu 8.04 LTS
- Ubuntu 6.06 LTS
Summary:
An attacker could send crafted input to OpenSLP and cause it to hang.
Software Description:
- openslp-dfsg: OpenSLP is an implementation of the Service Location Protoc=
ol
- openslp: OpenSLP is an implementation of the Service Location Protocol
Details:
It was discovered that OpenSLP incorrectly handled certain corrupted
messages. A remote attacker could send a specially crafted packet to
the OpenSLP server and cause it to hang, leading to a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.10:
libslp1 1.2.1-7.7ubuntu0.1
Ubuntu 10.04 LTS:
libslp1 1.2.1-7.6ubuntu0.1
Ubuntu 9.10:
libslp1 1.2.1-7.5ubuntu0.1
Ubuntu 8.04 LTS:
libslp1 1.2.1-7.1ubuntu0.2
Ubuntu 6.06 LTS:
libslp1 1.2.1-5ubuntu0.2
In general, a standard system update will make all the necessary changes.
References:
CVE-2010-3609
Package Information:
https://launchpad.net/ubuntu/+source/openslp-dfsg/1.2.1-7.7ubuntu0.1
https://launchpad.net/ubuntu/+source/openslp-dfsg/1.2.1-7.6ubuntu0.1
https://launchpad.net/ubuntu/+source/openslp-dfsg/1.2.1-7.5ubuntu0.1
https://launchpad.net/ubuntu/+source/openslp-dfsg/1.2.1-7.1ubuntu0.2
https://launchpad.net/ubuntu/+source/openslp/1.2.1-5ubuntu0.2
--=-MuawWQ2IlLd5+FU36iiU
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJNruGkAAoJEGVp2FWnRL6TXBoP/RsyhYgpQEd62Q+h6HR71KTJ
ZBftkJ//OxY2oar1YaKqQrmMo9bKg4Y9ACZhsFvwyAT7zcEsTxgTfYNyAzjMNTsI
RPBdf+RR5vWexu+C/pwaxz1wYcGFL7y7bMyAMnQBU6eyOVaPeH2bWR+Npv7lx6QF
HaeialvvdnPuR/rd0wjwRly2z37O3SNn79tyP/eTLt3JMmNVA6Skf4d2Wl8gyTpo
vB+yZgwg4+lwjcitIxdQcSpg+YXn3laTbBbCxg/klVVQCGAa1sy+5hO3kUYsk+/h
OllRU2SF/fIsd7XjXofQRt0tyt0nWmhfHRaNxoa1JXKEdAxn/khUo6iF5Gyc1bFO
n6UreALnyvg0sX+z5/LK9/RzQ82D/lLuFCCix22ovSgJCdm5eb7JS+m+hzdU1wN1
VViM7m4F8vm3RTXxrlF7vYjiUY6cfi5bbfZH9mOqk0YxbINd8HDG3/jmkD5ynBtq
gTYHKGoQbXrsjkvXO7eLg/0oKH2zN4Jo8AecQD/EMzrTKnuXB5dSryuLSWEghJOA
ncKpdzUoTOZ6d8Ed3yLz/KyXDYMQzfsaDOlk85UcnXR50kqXkJUuhQERD+42vicI
EzaDfDetNFvYfdUYEED4ALsQ9RwLKHzpOmrKlSQE36qL1z/7FbcpzuYGKpKC4qgn
AqoQ7eb8lw1j6vRezkN5
=ySWU
-----END PGP SIGNATURE-----
--=-MuawWQ2IlLd5+FU36iiU--