Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Ubuntu 16.04 LTS USN-4919-1 Critical: OpenSLP Network Crash Threat

ubuntu
Calendar Grey April 19, 2021
Dist Ubuntu Esm H88
OpenSLP flaw on Ubuntu causes instability or allows unauthorized code execution via specially crafted network packets.
OpenSLP could be made to crash or run programs as your login if it received specially crafted network traffic.

Summary

OpenSLP could be made to crash or run programs as your login if it received

specially crafted network traffic.

Software Description:

- openslp-dfsg: Service Location Protocol library

Details:

It was discovered that OpenSLP did not properly validate URLs. A remote

attacker could use this issue to cause OpenSLP to crash or possibly execute

arbitrary code.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  libslp1                         1.2.1-11ubuntu0.16.04.2

Ubuntu 14.04 ESM:
  libslp1                         1.2.1-9ubuntu0.3+esm1

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-4919-1

  CVE-2019-5544

Severity
critical
Lowest
Low
Medium
High
Critical

April 19, 2021

Package Information

  https://launchpad.net/ubuntu/+source/openslp-dfsg/1.2.1-11ubuntu0.16.04.2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here