Advisories » MGASA-2020-0075

Updated openslp packages fix security vulnerability

Publication date: 09 Feb 2020
Modification date: 09 Feb 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-5544

Description

A heap-based buffer overflow was discovered in OpenSLP in the way the slpd
service processes URLs in service request messages. A remote unauthenticated
attacker could register a service with a specially crafted URL that, when
used during a service request message, would trigger the flaw and cause the
program to crash or to remotely execute code with the privileges of the slpd
service (CVE-2019-5544).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=25841
• https://www.openwall.com/lists/oss-security/2019/12/06/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5544

SRPMS

7/core

• openslp-2.0.0-10.1.mga7