========================================================================== Ubuntu Security Notice USN-3708-1 July 09, 2018 openslp-dfsg vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: OpenSLP could be made to crash or run programs if it received specially crafted network traffic. Software Description: - openslp-dfsg: Service Location Protocol library Details: It was discovered that OpenSLP incorrectly handled certain memory operations. A remote attacker could use this issue to cause OpenSLP to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: libslp1 1.2.1-11ubuntu0.16.04.1 Ubuntu 14.04 LTS: libslp1 1.2.1-9ubuntu0.3 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/usn/usn-3708-1 CVE-2017-17833, CVE-2018-12938 Package Information: https://launchpad.net/ubuntu/+source/openslp-dfsg/1.2.1-11ubuntu0.16.04.1 https://launchpad.net/ubuntu/+source/openslp-dfsg/1.2.1-9ubuntu0.3