Amazon Linux 2 : openslp (ALAS-2018-1060)
High Nessus Plugin ID 112085
SynopsisThe remote Amazon Linux 2 host is missing a security update.
DescriptionA use-after-free flaw in OpenSLP 1.x and 2.x baselines was discovered
in the ProcessSrvRqst function. A failure to update a local pointer
may lead to heap corruption. A remote attacker may be able to leverage
this flaw to gain remote code execution.(CVE-2017-17833)
SolutionRun 'yum update openslp' to update your system.