SUSE-SU-2017:1187-1

Details

This update for libosip2 fixes several issues.

These security issues were fixed:

CVE-2017-7853: In libosip2 a malformed SIP message could have lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS (bsc#1034570).
CVE-2016-10326: In libosip2 a malformed SIP message could have lead to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS (bsc#1034571).
CVE-2016-10325: In libosip2 a malformed SIP message could have lead to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS (bsc#1034572).
CVE-2016-10324: In libosip2 a malformed SIP message could have lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c (bsc#1034574).

Affected Packages

libosip2

SUSE Linux Enterprise Desktop 12 SP1SUSE Linux Enterprise Desktop 12 SP2SUSE Linux Enterprise Software Development Kit 12 SP1SUSE Linux Enterprise Software Development Kit 12 SP2SUSE Linux Enterprise Workstation Extension 12 SP1

Fixed in:

3.5.0-20.1

libosip2-devel

SUSE Linux Enterprise Software Development Kit 12 SP1SUSE Linux Enterprise Software Development Kit 12 SP2

Fixed in:

3.5.0-20.1

References

REPORT

https://bugzilla.suse.com/1034570

REPORT

https://bugzilla.suse.com/1034571

REPORT