Updated openslp packages fix security vulnerability
Publication date: 09 Feb 2020Modification date: 09 Feb 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-5544
Description
A heap-based buffer overflow was discovered in OpenSLP in the way the slpd service processes URLs in service request messages. A remote unauthenticated attacker could register a service with a specially crafted URL that, when used during a service request message, would trigger the flaw and cause the program to crash or to remotely execute code with the privileges of the slpd service (CVE-2019-5544).
References
SRPMS
7/core
- openslp-2.0.0-10.1.mga7