Security update for openslp SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:1916-1 Final 1 1 2018-07-09T09:59:53Z current 2018-07-09T09:59:53Z 2018-07-09T09:59:53Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for openslp This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sdksp4-openslp-13690,secsp3-openslp-13690,sleposp3-openslp-13690,slessp3-openslp-13690,slessp4-openslp-13690 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20181916-1/ Link for SUSE-SU-2018:1916-1 https://lists.suse.com/pipermail/sle-security-updates/2018-July/004251.html E-Mail link for SUSE-SU-2018:1916-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1090638 SUSE Bug 1090638 https://www.suse.com/security/cve/CVE-2017-17833/ SUSE CVE CVE-2017-17833 page SUSE Linux Enterprise Point of Sale 11 SP3 SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 openslp-devel-1.2.0-172.27.3.1 openslp-server-1.2.0-172.27.3.1 libslp1-openssl1-1.2.0-172.27.3.1 openslp-1.2.0-172.27.3.1 libslp1-openssl1-32bit-1.2.0-172.27.3.1 openslp-32bit-1.2.0-172.27.3.1 openslp-x86-1.2.0-172.27.3.1 openslp-1.2.0-172.27.3.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 openslp-server-1.2.0-172.27.3.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 libslp1-openssl1-1.2.0-172.27.3.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS libslp1-openssl1-32bit-1.2.0-172.27.3.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS openslp-1.2.0-172.27.3.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS openslp-32bit-1.2.0-172.27.3.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS openslp-server-1.2.0-172.27.3.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS libslp1-openssl1-1.2.0-172.27.3.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA libslp1-openssl1-32bit-1.2.0-172.27.3.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA openslp-1.2.0-172.27.3.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA openslp-32bit-1.2.0-172.27.3.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA openslp-server-1.2.0-172.27.3.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA openslp-1.2.0-172.27.3.1 as a component of SUSE Linux Enterprise Server 11 SP4 openslp-32bit-1.2.0-172.27.3.1 as a component of SUSE Linux Enterprise Server 11 SP4 openslp-server-1.2.0-172.27.3.1 as a component of SUSE Linux Enterprise Server 11 SP4 openslp-x86-1.2.0-172.27.3.1 as a component of SUSE Linux Enterprise Server 11 SP4 libslp1-openssl1-1.2.0-172.27.3.1 as a component of SUSE Linux Enterprise Server 11-SECURITY openslp-1.2.0-172.27.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 openslp-32bit-1.2.0-172.27.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 openslp-server-1.2.0-172.27.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 openslp-x86-1.2.0-172.27.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 openslp-devel-1.2.0-172.27.3.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 openslp-server-1.2.0-172.27.3.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability. CVE-2017-17833 SUSE Linux Enterprise Point of Sale 11 SP3:openslp-1.2.0-172.27.3.1 SUSE Linux Enterprise Point of Sale 11 SP3:openslp-server-1.2.0-172.27.3.1 SUSE Linux Enterprise Server 11 SP3-LTSS:libslp1-openssl1-1.2.0-172.27.3.1 SUSE Linux Enterprise Server 11 SP3-LTSS:libslp1-openssl1-32bit-1.2.0-172.27.3.1 SUSE Linux Enterprise Server 11 SP3-LTSS:openslp-1.2.0-172.27.3.1 SUSE Linux Enterprise Server 11 SP3-LTSS:openslp-32bit-1.2.0-172.27.3.1 SUSE Linux Enterprise Server 11 SP3-LTSS:openslp-server-1.2.0-172.27.3.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:libslp1-openssl1-1.2.0-172.27.3.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:libslp1-openssl1-32bit-1.2.0-172.27.3.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:openslp-1.2.0-172.27.3.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:openslp-32bit-1.2.0-172.27.3.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:openslp-server-1.2.0-172.27.3.1 SUSE Linux Enterprise Server 11 SP4:openslp-1.2.0-172.27.3.1 SUSE Linux Enterprise Server 11 SP4:openslp-32bit-1.2.0-172.27.3.1 SUSE Linux Enterprise Server 11 SP4:openslp-server-1.2.0-172.27.3.1 SUSE Linux Enterprise Server 11 SP4:openslp-x86-1.2.0-172.27.3.1 SUSE Linux Enterprise Server 11-SECURITY:libslp1-openssl1-1.2.0-172.27.3.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:openslp-1.2.0-172.27.3.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:openslp-32bit-1.2.0-172.27.3.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:openslp-server-1.2.0-172.27.3.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:openslp-x86-1.2.0-172.27.3.1 SUSE Linux Enterprise Software Development Kit 11 SP4:openslp-devel-1.2.0-172.27.3.1 SUSE Linux Enterprise Software Development Kit 11 SP4:openslp-server-1.2.0-172.27.3.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181916-1/ https://www.suse.com/security/cve/CVE-2017-17833.html CVE-2017-17833 https://bugzilla.suse.com/1090638 SUSE Bug 1090638 https://bugzilla.suse.com/1099519 SUSE Bug 1099519 https://bugzilla.suse.com/1126909 SUSE Bug 1126909