{"affected":[{"ecosystem_specific":{"binaries":[{"libosip2":"3.5.0-20.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP1","name":"libosip2","purl":"pkg:rpm/suse/libosip2&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.5.0-20.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libosip2":"3.5.0-20.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP2","name":"libosip2","purl":"pkg:rpm/suse/libosip2&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.5.0-20.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libosip2":"3.5.0-20.1","libosip2-devel":"3.5.0-20.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP1","name":"libosip2","purl":"pkg:rpm/suse/libosip2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.5.0-20.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libosip2":"3.5.0-20.1","libosip2-devel":"3.5.0-20.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP2","name":"libosip2","purl":"pkg:rpm/suse/libosip2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.5.0-20.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libosip2":"3.5.0-20.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 12 SP1","name":"libosip2","purl":"pkg:rpm/suse/libosip2&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.5.0-20.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libosip2":"3.5.0-20.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 12 SP2","name":"libosip2","purl":"pkg:rpm/suse/libosip2&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.5.0-20.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update for libosip2 fixes several issues.\n\nThese security issues were fixed:\n\n- CVE-2017-7853: In libosip2  a malformed SIP message could have lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS (bsc#1034570).\n- CVE-2016-10326: In libosip2 a malformed SIP message could have lead to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS (bsc#1034571).\n- CVE-2016-10325: In libosip2 a malformed SIP message could have lead to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS (bsc#1034572).\n- CVE-2016-10324: In libosip2 a malformed SIP message could have lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c (bsc#1034574).\n","id":"SUSE-SU-2017:1187-1","modified":"2017-05-05T22:14:38Z","published":"2017-05-05T22:14:38Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20171187-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1034570"},{"type":"REPORT","url":"https://bugzilla.suse.com/1034571"},{"type":"REPORT","url":"https://bugzilla.suse.com/1034572"},{"type":"REPORT","url":"https://bugzilla.suse.com/1034574"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-10324"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-10325"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-10326"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7853"}],"related":["CVE-2016-10324","CVE-2016-10325","CVE-2016-10326","CVE-2017-7853"],"summary":"Security update for libosip2","upstream":["CVE-2016-10324","CVE-2016-10325","CVE-2016-10326","CVE-2017-7853"]}