SUSE-SU-2017:1187-1

CVE-2017-7853: In libosip2 a malformed SIP message could have lead to a heap buffer overflow in the msgosipbodyparse() function defined in osipparser2/osipmessage_parse.c, resulting in a remote DoS (bsc#1034570).
CVE-2016-10326: In libosip2 a malformed SIP message could have lead to a heap buffer overflow in the osipbodytostr() function defined in osipparser2/osipbody.c, resulting in a remote DoS (bsc#1034571).
CVE-2016-10325: In libosip2 a malformed SIP message could have lead to a heap buffer overflow in the osipmessagetostr() function defined in osipparser2/osipmessageto_str.c, resulting in a remote DoS (bsc#1034572).
CVE-2016-10324: In libosip2 a malformed SIP message could have lead to a heap buffer overflow in the osipclrncpy() function defined in osipparser2/osipport.c (bsc#1034574).

References

Affected packages

Name: libosip2
Purl: pkg:rpm/suse/libosip2&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.5.0-20.1

{
    "binaries": [
        {
            "libosip2": "3.5.0-20.1"
        }
    ]
}

Name: libosip2
Purl: pkg:rpm/suse/libosip2&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.5.0-20.1

{
    "binaries": [
        {
            "libosip2": "3.5.0-20.1"
        }
    ]
}

Name: libosip2
Purl: pkg:rpm/suse/libosip2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.5.0-20.1

{
    "binaries": [
        {
            "libosip2-devel": "3.5.0-20.1",
            "libosip2": "3.5.0-20.1"
        }
    ]
}

Name: libosip2
Purl: pkg:rpm/suse/libosip2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.5.0-20.1

{
    "binaries": [
        {
            "libosip2-devel": "3.5.0-20.1",
            "libosip2": "3.5.0-20.1"
        }
    ]
}

Name: libosip2
Purl: pkg:rpm/suse/libosip2&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP1

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.5.0-20.1

{
    "binaries": [
        {
            "libosip2": "3.5.0-20.1"
        }
    ]
}

Name: libosip2
Purl: pkg:rpm/suse/libosip2&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP2

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.5.0-20.1

{
    "binaries": [
        {
            "libosip2": "3.5.0-20.1"
        }
    ]
}