Security Advisory Details

NS-SA-2019-0022

2019-07-17 14:55:36

Summary

important: openslp/python security update

Severity

important

Topic

An update for openslp/python is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

openslp: Service Location Protocol is an IETF standards track protocol that provides a framework to allow networking applications to discover the existence, location, and configuration of networked services in enterprise networks. OpenSLP is an open source implementation of the SLPv2 protocol as defined by RFC 2608 and RFC 2614.
python: The Tkinter (Tk interface) program is a graphical user interface for the Python scripting language. You should install the tkinter package if you'd like to use a graphical user interface for Python programming.


Security Fix(es):
openslp: A use-after-free flaw in OpenSLP 1.x and 2.x baselines was discovered in the ProcessSrvRqst function. A failure to update a local pointer may lead to heap corruption. A remote attacker may be able to leverage this flaw to gain remote code execution. (CVE-2017-17833)
openslp: bugfix
python: A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between the TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)
python: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F6.
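
A check for the CVE-2016-2183 item above, added here as an example and not part of the NewStart advisory: it lists any DES/3DES suites a Python `ssl` context would still offer, and builds a context with them excluded. The function names and the cipher string are this example's own choices, and it assumes Python 3.6 or later (for `SSLContext.get_ciphers`), not the 2.7.5 packages listed in this advisory.

```python
import ssl

# OpenSSL names 3DES suites with "DES-CBC3" and single-DES suites with
# "DES-CBC-"; IANA-style names use "3DES" or "_DES_". All of them rely on a
# 64-bit block cipher, which is the condition CVE-2016-2183 depends on.
WEAK_MARKERS = ("DES-CBC3", "3DES", "DES-CBC-", "_DES_")


def is_des_suite(name):
    """True if a cipher-suite name denotes a DES or 3DES based suite."""
    upper = name.upper()
    return any(marker in upper for marker in WEAK_MARKERS)


def des_suites_enabled(context):
    """Sorted names of DES/3DES suites the given SSLContext would offer."""
    return sorted(
        c["name"] for c in context.get_ciphers() if is_des_suite(c["name"])
    )


def hardened_context():
    """Client context with DES/3DES explicitly removed (assumed policy string)."""
    ctx = ssl.create_default_context()
    ctx.set_ciphers("DEFAULT:!3DES:!DES:!aNULL:!eNULL")
    return ctx


if __name__ == "__main__":
    contexts = (
        ("default", ssl.create_default_context()),
        ("hardened", hardened_context()),
    )
    for label, ctx in contexts:
        found = des_suites_enabled(ctx)
        status = "no DES/3DES suites offered" if not found else ", ".join(found)
        print("%s context: %s" % (label, status))
```

`is_des_suite` can also be applied to suite names taken from a server configuration or a TLS scan report.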

Affected Components

  • openslp
  • python

Affected Products

  • CGSL MAIN 5.04
  • CGSL CORE 5.04

Updated Packages

CGSL MAIN 5.04

Source: openslp-2.0.0-7.el7_5.src.rpm

  • openslp-2.0.0-7.el7_5.x86_64.rpm
  • openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm
  • openslp-devel-2.0.0-7.el7_5.x86_64.rpm
  • openslp-server-2.0.0-7.el7_5.x86_64.rpm

Source: python-2.7.5-69.el7_5.cgslv5.0.1.gee74fb6.src.rpm

  • python-test-2.7.5-69.el7_5.cgslv5.0.1.gee74fb6.x86_64.rpm
  • python-tools-2.7.5-69.el7_5.cgslv5.0.1.gee74fb6.x86_64.rpm
  • python-debug-2.7.5-69.el7_5.cgslv5.0.1.gee74fb6.x86_64.rpm
  • python-debuginfo-2.7.5-69.el7_5.cgslv5.0.1.gee74fb6.x86_64.rpm
  • python-libs-2.7.5-69.el7_5.cgslv5.0.1.gee74fb6.x86_64.rpm
  • python-devel-2.7.5-69.el7_5.cgslv5.0.1.gee74fb6.x86_64.rpm
  • tkinter-2.7.5-69.el7_5.cgslv5.0.1.gee74fb6.x86_64.rpm
  • python-2.7.5-69.el7_5.cgslv5.0.1.gee74fb6.x86_64.rpm

CGSL CORE 5.04

Source: openslp-2.0.0-7.el7_5.src.rpm

  • openslp-2.0.0-7.el7_5.x86_64.rpm
  • openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm
  • openslp-devel-2.0.0-7.el7_5.x86_64.rpm
  • openslp-server-2.0.0-7.el7_5.x86_64.rpm

Source: python-2.7.5-69.el7_5.cgslv5lite.0.1.gee74fb6.src.rpm

  • python-debug-2.7.5-69.el7_5.cgslv5lite.0.1.gee74fb6.x86_64.rpm
  • python-libs-2.7.5-69.el7_5.cgslv5lite.0.1.gee74fb6.x86_64.rpm
  • python-test-2.7.5-69.el7_5.cgslv5lite.0.1.gee74fb6.x86_64.rpm
  • python-debuginfo-2.7.5-69.el7_5.cgslv5lite.0.1.gee74fb6.x86_64.rpm
  • python-tools-2.7.5-69.el7_5.cgslv5lite.0.1.gee74fb6.x86_64.rpm
  • python-devel-2.7.5-69.el7_5.cgslv5lite.0.1.gee74fb6.x86_64.rpm
  • python-2.7.5-69.el7_5.cgslv5lite.0.1.gee74fb6.x86_64.rpm
  • tkinter-2.7.5-69.el7_5.cgslv5lite.0.1.gee74fb6.x86_64.rpm

CVE

References