Bugzilla – Bug 1204225
VUL-0: CVE-2022-41550: libosip2: integer overflow via the component osip_body_parse_header.
Last modified: 2022-10-25 13:24:28 UTC
CVE-2022-41550 GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osip_body_parse_header. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41550 https://www.cve.org/CVERecord?id=CVE-2022-41550 http://www.cvedetails.com/cve/CVE-2022-41550/ https://savannah.gnu.org/bugs/?63103 https://git.savannah.gnu.org/cgit/osip.git/commit/?id=f77f16c832c3c37589c2b749f01b644dc44a55b5
relevant for: - SUSE:SLE-12:Update/libosip2 plus openSUSE:Factory and openSUSE:Backports:SLE-15*
SLE-12: created request id 282176
factory: created request id 1010220 backports-15.4: created request id 1010222 backports-15.3: created request id 1010221
closing with all branches submitted
This is an autogenerated message for OBS integration: This bug (1204225) was mentioned in https://build.opensuse.org/request/show/1010221 Backports:SLE-15-SP3 / libosip2 https://build.opensuse.org/request/show/1010222 Backports:SLE-15-SP4 / libosip2
openSUSE-SU-2022:10147-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 1204225 CVE References: CVE-2022-41550 JIRA References: Sources used: openSUSE Backports SLE-15-SP4 (src): libosip2-5.2.1-bp154.2.3.1
SUSE-SU-2022:3724-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 1204225 CVE References: CVE-2022-41550 JIRA References: Sources used: SUSE Linux Enterprise Workstation Extension 12-SP5 (src): libosip2-3.5.0-21.3.1 SUSE Linux Enterprise Software Development Kit 12-SP5 (src): libosip2-3.5.0-21.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.