ArchLinux: 201608-8: libupnp: arbitrary filesystem access
Summary
A vulnerability was found in libupnp. If there's no registered handler for a POST or GET request, the default behavior is to write to or read from the filesystem. This allows an unauthenticated attacker to store or retrieve arbitrary data. This issue allows full host filesystem access if the process is running as root and using / as the web root.
Resolution
Upgrade to 1.6.20-1.
# pacman -Syu "libupnp>=1.6.20-1"
The problem has been fixed upstream in version 1.6.20.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6255 https://www.openwall.com/lists/oss-security/2016/07/18/13
Workaround
None.