Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 584
Alerts This Week
Warning Icon 1 584

Ubuntu: 1118-1 moderate: OpenSLP Denial of Service Threat

ubuntu
Calendar Grey April 20, 2011
Scroller Ubuntu
The Ubuntu Security Notice USN-1119-2 reports on vulnerabilities within OpenSSL that impact several Ubuntu distributions.
An attacker could send crafted input to OpenSLP and cause it to hang.

Summary

An attacker could send crafted input to OpenSLP and cause it to hang.

Software Description:

- openslp-dfsg: OpenSLP is an implementation of the Service Location Protocol

- openslp: OpenSLP is an implementation of the Service Location Protocol

Details:

It was discovered that OpenSLP incorrectly handled certain corrupted

messages. A remote attacker could send a specially crafted packet to

the OpenSLP server and cause it to hang, leading to a denial of service.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.10:
  libslp1                         1.2.1-7.7ubuntu0.1

Ubuntu 10.04 LTS:
  libslp1                         1.2.1-7.6ubuntu0.1

Ubuntu 9.10:
  libslp1                         1.2.1-7.5ubuntu0.1

Ubuntu 8.04 LTS:
  libslp1                         1.2.1-7.1ubuntu0.2

Ubuntu 6.06 LTS:
  libslp1                         1.2.1-5ubuntu0.2

In general, a standard system update will make all the necessary changes.

References

CVE-2010-3609

April 20, 2011

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.