========================================================================== Ubuntu Security Notice USN-1118-1 April 20, 2011 openslp, openslp-dfsg vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 10.10 - Ubuntu 10.04 LTS - Ubuntu 9.10 - Ubuntu 8.04 LTS - Ubuntu 6.06 LTS Summary: An attacker could send crafted input to OpenSLP and cause it to hang. Software Description: - openslp-dfsg: OpenSLP is an implementation of the Service Location Protocol - openslp: OpenSLP is an implementation of the Service Location Protocol Details: It was discovered that OpenSLP incorrectly handled certain corrupted messages. A remote attacker could send a specially crafted packet to the OpenSLP server and cause it to hang, leading to a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 10.10: libslp1 1.2.1-7.7ubuntu0.1 Ubuntu 10.04 LTS: libslp1 1.2.1-7.6ubuntu0.1 Ubuntu 9.10: libslp1 1.2.1-7.5ubuntu0.1 Ubuntu 8.04 LTS: libslp1 1.2.1-7.1ubuntu0.2 Ubuntu 6.06 LTS: libslp1 1.2.1-5ubuntu0.2 In general, a standard system update will make all the necessary changes. References: CVE-2010-3609 Package Information: https://launchpad.net/ubuntu/+source/openslp-dfsg/1.2.1-7.7ubuntu0.1 https://launchpad.net/ubuntu/+source/openslp-dfsg/1.2.1-7.6ubuntu0.1 https://launchpad.net/ubuntu/+source/openslp-dfsg/1.2.1-7.5ubuntu0.1 https://launchpad.net/ubuntu/+source/openslp-dfsg/1.2.1-7.1ubuntu0.2 https://launchpad.net/ubuntu/+source/openslp/1.2.1-5ubuntu0.2
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/