Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 15 articles for you...
172
security advisorycriticalremote executionUbuntu 16.04 LTS USN-4919-1 Critical: OpenSLP Network Crash Threat
OpenSLP could be made to crash or run programs as your login if it received specially crafted network traffic.. =========================================================================Ubuntu Security Notice USN-4919-1 April 19, 2021 openslp-dfsg vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 14.04 ESM Summary: OpenSLP could be made to crash or run programs as your login if it received specially crafted network traffic. Software Description: - openslp-dfsg: Service Location Protocol library Details: It was discovered that OpenSLP did not properly validate URLs. A remote attacker could use this issue to cause OpenSLP to crash or possibly execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: libslp1 1.2.1-11ubuntu0.16.04.2 Ubuntu 14.04 ESM: libslp1 1.2.1-9ubuntu0.3+esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-4919-1 CVE-2019-5544 Package Information: https://launchpad.net/ubuntu/+source/openslp-dfsg/1.2.1-11ubuntu0.16.04.2 . OpenSLP flaw on Ubuntu causes instability or allows unauthorized code execution via specially crafted network packets.. openslp vulnerability, ubuntu 16.04, security notice. . Severity: Critical. LinuxSecurity.com Team
Apr 19, 2021
•Critical
Ubuntu
203
security advisoryremote executionheap overflowMageia 7: MGASA-2020-0075 Moderate: OpenSLP Heap Overflow
A heap-based buffer overflow was discovered in OpenSLP in the way the slpd service processes URLs in service request messages. A remote unauthenticated attacker could register a service with a specially crafted URL that, when used during a service request message, would trigger the flaw and cause the program to crash or to remotely execute code with the privileges of the slpd . MGASA-2020-0075 - Updated openslp packages fix security vulnerability Publication date: 09 Feb 2020 URL: https://advisories.mageia.org/MGASA-2020-0075.html Type: security Affected Mageia releases: 7 CVE: CVE-2019-5544 A heap-based buffer overflow was discovered in OpenSLP in the way the slpd service processes URLs in service request messages. A remote unauthenticated attacker could register a service with a specially crafted URL that, when used during a service request message, would trigger the flaw and cause the program to crash or to remotely execute code with the privileges of the slpd service (CVE-2019-5544). References: - https://bugs.mageia.org/show_bug.cgi?id=25841 - https://www.openwall.com/lists/oss-security/2019/12/06/1 - https://www.cve.org/CVERecord?id=CVE-2019-5544 SRPMS: - 7/core/openslp-2.0.0-10.1.mga7 . Recent Mageia releases include OpenSLP updates that address a critical buffer overflow issue, enabling potential remote code execution vulnerabilities.. heap-based, buffer overflow, openslp security, mageia advisory, remote execution. . Severity: Important. LinuxSecurity.com Team
Feb 09, 2020
•Important
Mageia
199
security advisorysecurity issueupdateCentOS 6: CESA-2020-0199 Critical OpenSLP Security Issue
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0199. CentOS Errata and Security Advisory 2020:0199 Critical Upstream details at : https://access.redhat.com/errata/RHSA-2020:0199 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 01c62b8aff92678750af0ee740fe9751ea72bedbce518f6a8343274175500ca3 openslp-2.0.0-4.el6_10.i686.rpm d7ecbbf297d043a9e927ab2db21ebb752686242cbf7ccb3c7e25dd063b48c403 openslp-devel-2.0.0-4.el6_10.i686.rpm 46b578a89258772fb98092e038b5148f1dc3ab7d69e2e2ae0f03c27fdb42650e openslp-server-2.0.0-4.el6_10.i686.rpm x86_64: 01c62b8aff92678750af0ee740fe9751ea72bedbce518f6a8343274175500ca3 openslp-2.0.0-4.el6_10.i686.rpm ef962fe8591ba8ea125a72739348ae69748326147e6a4a76f37f017a36c6b7bc openslp-2.0.0-4.el6_10.x86_64.rpm d7ecbbf297d043a9e927ab2db21ebb752686242cbf7ccb3c7e25dd063b48c403 openslp-devel-2.0.0-4.el6_10.i686.rpm 61549ced3795b0ee5feb10a8c1134c3d3dc5d8e1a943cb6c7694f14c5b1c434f openslp-devel-2.0.0-4.el6_10.x86_64.rpm c6a29e45de9587febdec09d73110423e33cd3b489443426b26016e92f8968b40 openslp-server-2.0.0-4.el6_10.x86_64.rpm Source: 7a80b3f7cd75c87b17ec227e93b2b39a4a7cf587c12bd0f2765a2bb421f2b1c3 openslp-2.0.0-4.el6_10.src.rpm -- Johnny Hughes CentOS Project { https://www.centos.org/ } irc: hughesjr, #
Jan 28, 2020
•Critical
CentOS
200
security advisorybuffer overflowcriticalSciLinux: SLSA-2020:0199-1 Critical: openslp Buffer Overflow Risk
openslp: Heap-based buffer overflow in ProcessSrvRqst() in slpd_process.c leading to remote code execution (CVE-2019-5544) SL6 x86_64 openslp-2.0.0-4.el6_10.i686.rpm openslp-2.0.0-4.el6_10.x86_64.rpm openslp-debuginfo-2.0.0-4.el6_10.i686.rpm openslp-debuginfo-2.0.0-4.el6_10.x86_64.rpm openslp-devel-2.0.0-4.el6_10.i686.rpm openslp-devel-2.0.0-4.el6_10.x86_64.rpm o [More...]. Synopsis: Critical: openslp security update Advisory ID: SLSA-2020:0199-1 Issue Date: 2020-01-22 CVE Numbers: CVE-2019-5544 -- Security Fix(es): * openslp: Heap-based buffer overflow in ProcessSrvRqst() in slpd_process.c leading to remote code execution (CVE-2019-5544) -- SL6 x86_64 openslp-2.0.0-4.el6_10.i686.rpm openslp-2.0.0-4.el6_10.x86_64.rpm openslp-debuginfo-2.0.0-4.el6_10.i686.rpm openslp-debuginfo-2.0.0-4.el6_10.x86_64.rpm openslp-devel-2.0.0-4.el6_10.i686.rpm openslp-devel-2.0.0-4.el6_10.x86_64.rpm openslp-server-2.0.0-4.el6_10.x86_64.rpm i386 openslp-2.0.0-4.el6_10.i686.rpm openslp-debuginfo-2.0.0-4.el6_10.i686.rpm openslp-devel-2.0.0-4.el6_10.i686.rpm openslp-server-2.0.0-4.el6_10.i686.rpm - Scientific Linux Development Team . Urgent openslp security patch for SL6 resolving a buffer overflow vulnerability that enables remote code execution.. openslp, critical update, remote execution, buffer overflow, security fix. . Severity: Critical. LinuxSecurity.com Team
Jan 22, 2020
•Critical
Scientific Linux
98
security advisoryRed Hatbuffer overflowRed Hat Enterprise Linux 6: RHSA-2020:0199-01 Urgent: OpenSLP RCE Update
An update for openslp is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Critical: openslp security update Advisory ID: RHSA-2020:0199-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:0199 Issue date: 2020-01-22 CVE Names: CVE-2019-5544 ==================================================================== 1. Summary: An update for openslp is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: OpenSLP is an open source implementation of the Service Location Protocol (SLP) which is an Internet Engineering Task Force (IETF) standards track protocol and provides a framework to allow networking applications to discover the existence, location, and configuration of networked services in enterprise networks. Security Fix(es): *openslp: Heap-based buffer overflow in ProcessSrvRqst() in slpd_process.c leading to remote code execution (CVE-2019-5544) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1777788 - CVE-2019-5544 openslp: Heap-based buffer overflow in ProcessSrvRqst() in slpd_process.c leading to remote code execution 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: openslp-2.0.0-4.el6_10.src.rpm i386: openslp-2.0.0-4.el6_10.i686.rpm openslp-debuginfo-2.0.0-4.el6_10.i686.rpm x86_64: openslp-2.0.0-4.el6_10.i686.rpm openslp-2.0.0-4.el6_10.x86_64.rpm openslp-debuginfo-2.0.0-4.el6_10.i686.rpm openslp-debuginfo-2.0.0-4.el6_10.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: openslp-debuginfo-2.0.0-4.el6_10.i686.rpm openslp-devel-2.0.0-4.el6_10.i686.rpm openslp-server-2.0.0-4.el6_10.i686.rpm x86_64: openslp-debuginfo-2.0.0-4.el6_10.i686.rpm openslp-debuginfo-2.0.0-4.el6_10.x86_64.rpm openslp-devel-2.0.0-4.el6_10.i686.rpm openslp-devel-2.0.0-4.el6_10.x86_64.rpm openslp-server-2.0.0-4.el6_10.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: openslp-2.0.0-4.el6_10.src.rpm x86_64: openslp-2.0.0-4.el6_10.i686.rpm openslp-2.0.0-4.el6_10.x86_64.rpm openslp-debuginfo-2.0.0-4.el6_10.i686.rpm openslp-debuginfo-2.0.0-4.el6_10.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: openslp-debuginfo-2.0.0-4.el6_10.i686.rpm openslp-debuginfo-2.0.0-4.el6_10.x86_64.rpm openslp-devel-2.0.0-4.el6_10.i686.rpm openslp-devel-2.0.0-4.el6_10.x86_64.rpm openslp-server-2.0.0-4.el6_10.x86_64.rpm Red Hat Enterprise Linux Server (v.6): Source: openslp-2.0.0-4.el6_10.src.rpm i386: openslp-2.0.0-4.el6_10.i686.rpm openslp-debuginfo-2.0.0-4.el6_10.i686.rpm ppc64: openslp-2.0.0-4.el6_10.ppc.rpm openslp-2.0.0-4.el6_10.ppc64.rpm openslp-debuginfo-2.0.0-4.el6_10.ppc.rpm openslp-debuginfo-2.0.0-4.el6_10.ppc64.rpm s390x: openslp-2.0.0-4.el6_10.s390.rpm openslp-2.0.0-4.el6_10.s390x.rpm openslp-debuginfo-2.0.0-4.el6_10.s390.rpm openslp-debuginfo-2.0.0-4.el6_10.s390x.rpm x86_64: openslp-2.0.0-4.el6_10.i686.rpm openslp-2.0.0-4.el6_10.x86_64.rpm openslp-debuginfo-2.0.0-4.el6_10.i686.rpm openslp-debuginfo-2.0.0-4.el6_10.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: openslp-debuginfo-2.0.0-4.el6_10.i686.rpm openslp-devel-2.0.0-4.el6_10.i686.rpm openslp-server-2.0.0-4.el6_10.i686.rpm ppc64: openslp-debuginfo-2.0.0-4.el6_10.ppc.rpm openslp-debuginfo-2.0.0-4.el6_10.ppc64.rpm openslp-devel-2.0.0-4.el6_10.ppc.rpm openslp-devel-2.0.0-4.el6_10.ppc64.rpm openslp-server-2.0.0-4.el6_10.ppc64.rpm s390x: openslp-debuginfo-2.0.0-4.el6_10.s390.rpm openslp-debuginfo-2.0.0-4.el6_10.s390x.rpm openslp-devel-2.0.0-4.el6_10.s390.rpm openslp-devel-2.0.0-4.el6_10.s390x.rpm openslp-server-2.0.0-4.el6_10.s390x.rpm x86_64: openslp-debuginfo-2.0.0-4.el6_10.i686.rpm openslp-debuginfo-2.0.0-4.el6_10.x86_64.rpm openslp-devel-2.0.0-4.el6_10.i686.rpm openslp-devel-2.0.0-4.el6_10.x86_64.rpm openslp-server-2.0.0-4.el6_10.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: openslp-2.0.0-4.el6_10.src.rpm i386: openslp-2.0.0-4.el6_10.i686.rpm openslp-debuginfo-2.0.0-4.el6_10.i686.rpm x86_64: openslp-2.0.0-4.el6_10.i686.rpm openslp-2.0.0-4.el6_10.x86_64.rpm openslp-debuginfo-2.0.0-4.el6_10.i686.rpm openslp-debuginfo-2.0.0-4.el6_10.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v.6): i386: openslp-debuginfo-2.0.0-4.el6_10.i686.rpm openslp-devel-2.0.0-4.el6_10.i686.rpm openslp-server-2.0.0-4.el6_10.i686.rpm x86_64: openslp-debuginfo-2.0.0-4.el6_10.i686.rpm openslp-debuginfo-2.0.0-4.el6_10.x86_64.rpm openslp-devel-2.0.0-4.el6_10.i686.rpm openslp-devel-2.0.0-4.el6_10.x86_64.rpm openslp-server-2.0.0-4.el6_10.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2019-5544 https://access.redhat.com/security/updates/classification#critical 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXihAFdzjgjWX9erEAQihpg/+OxcJjeRCD8sUIkgu9k+cLxTikd1S1sUM xVDptdLxTQoBgHnfUJ8k5Jwp22s/B7POIvIUXGNjOdsQnIpCpznEo0gG5jzrh8kC gT1bFTu5JIXnrcrm5dHeGUVX1jAHRlkGjjdThkz0+vX3Xe3PEMVd+pe6/BrGGJd1 lp62JLfqz21jaK8z4W/UEHk6ydQIL7hovImaJUQphYBy0JcGoM0v6/KyhT3HN5fI WJKXzVlqgLzqajnBRriCML7Ew06EcSavPGNickSSUGyiy+trtETTX3LXd5Sy28mW 2w8gRza+4EsEOiib0FtDVqvwMHZKcxhIsXnmmxJRVHlTRQBlZyd0re4B410nG5Df 9bvQ4lRn5gFNlH3FczEBQ7HYiikrdtvmPSjW5WRS+XG7Law3RAFD1SbvALyGLT9K t2fYhu8YQ5WnUITMva4UXLkKBJFDGyzm6gLYl1ExGbfZmdLvtvtVvCBmXqXPkNrI Ie/mpu1fVP3dhuViLAds4yDw0VM0r5bcRu++jtUBh2NWGYtMP8gXd5TT343N5EiL npIi+7SQ++6Z+hLqW3nuugByTLI6dwlKHwaPZCyDnxU1Dxkdzmgz9EXK4ia7ArI5 WWsbCpwS8WbRNwoK/dcFh01Lucw8ohSgiOrQLKW2eKNiZIzZNb1lFy/J2utUdwy6 Vk4pWtLa4Do=mZyW -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jan 22, 2020
•Critical
Red Hat
199
security advisorysecurity issueupdateCentOS 7: CESA-2019-4240 Critical: openslp Denial of Service Threat
Upstream details at : https://access.redhat.com/errata/RHSA-2019:4240. CentOS Errata and Security Advisory 2019:4240 Critical Upstream details at : https://access.redhat.com/errata/RHSA-2019:4240 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 573f3606f7610fd2d2ca25b3172e819674978d9361e7d98bdbdf7b230b8888f4 openslp-2.0.0-8.el7_7.i686.rpm 1506e1615c29c5c9d4695755ab5b943ba7443c4c42e241774fd7de09d70c7b1a openslp-2.0.0-8.el7_7.x86_64.rpm 18af183e86c6261f54363053e544ed5dc7fe70e3f4d019fc522210a9054f7506 openslp-devel-2.0.0-8.el7_7.i686.rpm 381bcdfe87d893c0794f780ce825805395d9f29c72a0c209ca0c4ead3a824938 openslp-devel-2.0.0-8.el7_7.x86_64.rpm e23c0244a2646e0d9d2ca828dbbc6af971f1882f67b2ee95f7e687aab8caff7a openslp-server-2.0.0-8.el7_7.x86_64.rpm Source: 25b0a668a81d991656f58d9e7b379704ad94efde4b9accee61d8ec10ef036953 openslp-2.0.0-8.el7_7.src.rpm -- Johnny Hughes CentOS Project { https://www.centos.org/ } irc: hughesjr, #
Dec 24, 2019
•Critical
CentOS
89
security advisoryfedorabuffer overflowFedora 31: FEDORA-2019-1e5ae33e87 critical: openslp buffer overflow
Security fix for CVE-2019-5544. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-1e5ae33e87 2019-12-18 01:52:04.720805 --------------------------------------------------------------------------------Name : openslp Product : Fedora 31 Version : 2.0.0 Release : 23.fc31 URL : https://sourceforge.net/projects/openslp/ Summary : Open implementation of Service Location Protocol V2 Description : Service Location Protocol is an IETF standards track protocol that provides a framework to allow networking applications to discover the existence, location, and configuration of networked services in enterprise networks. OpenSLP is an open source implementation of the SLPv2 protocol as defined by RFC 2608 and RFC 2614. --------------------------------------------------------------------------------Update Information: Security fix for CVE-2019-5544 --------------------------------------------------------------------------------ChangeLog: * Mon Dec 9 2019 Vitezslav Crhonek - 2.0.0-23 - Fix heap overwrite vulnerability, CVE-2019-5544 Resolves: #1780754 --------------------------------------------------------------------------------References: [ 1 ] Bug #1777788 - CVE-2019-5544 openslp: Heap-based buffer overflow in ProcessSrvRqst() in slpd_process.c leading to remote code execution https://bugzilla.redhat.com/show_bug.cgi?id=1777788 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-1e5ae33e87' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Dec 17, 2019
•Critical
Fedora
200
security advisorycriticalremote code executionScientific Linux SL7: SLSA-2019-4240-1 Critical openslp Buffer Overflow
openslp: Heap-based buffer overflow in ProcessSrvRqst() in slpd_process.c leading to remote code execution (CVE-2019-5544) SL7 x86_64 openslp-2.0.0-8.el7_7.i686.rpm openslp-2.0.0-8.el7_7.x86_64.rpm openslp-debuginfo-2.0.0-8.el7_7.i686.rpm openslp-debuginfo-2.0.0-8.el7_7.x86_64.rpm openslp-server-2.0.0-8.el7_7.x86_64.rpm openslp-devel-2.0.0-8.el7_7.i686.rpm opensl [More...]. Synopsis: Critical: openslp security update Advisory ID: SLSA-2019:4240-1 Issue Date: 2019-12-16 CVE Numbers: CVE-2019-5544 -- Security Fix(es): * openslp: Heap-based buffer overflow in ProcessSrvRqst() in slpd_process.c leading to remote code execution (CVE-2019-5544) -- SL7 x86_64 openslp-2.0.0-8.el7_7.i686.rpm openslp-2.0.0-8.el7_7.x86_64.rpm openslp-debuginfo-2.0.0-8.el7_7.i686.rpm openslp-debuginfo-2.0.0-8.el7_7.x86_64.rpm openslp-server-2.0.0-8.el7_7.x86_64.rpm openslp-devel-2.0.0-8.el7_7.i686.rpm openslp-devel-2.0.0-8.el7_7.x86_64.rpm - Scientific Linux Development Team . Urgent openslp security patch announcement SLSA-2019-4240-1, resolving a critical buffer overflow vulnerability for SL7 x86_64 systems.. openslp, buffer overflow, remote code execution, security update, SL7. . Severity: Critical. LinuxSecurity.com Team
Dec 16, 2019
•Critical
Scientific Linux
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!