Mageia: 2020-0304 Moderate: gssdp/gupnp Subscription Request Risk

mageia

July 31, 2020

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment th...

Summary

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. (CVE-2020-12695).

References

- https://bugs.mageia.org/show_bug.cgi?id=26918

- https://mail.gnome.org/archives/gupnp-list/2020-June/msg00000.html

- https://www.cve.org/CVERecord?id=CVE-2020-12695

Topics Covered

security advisory network threat mageia gupnp gssdp subscription request

Resolution

SRPMS

- 7/core/gssdp-1.2.3-1.mga7

- 7/core/gupnp-1.2.3-1.mga7

Severity

important

Lowest

Low

Medium

High

Critical

Publication date: 31 Jul 2020

URL: https://advisories.mageia.org/MGASA-2020-0304.html

Type: security

CVE: CVE-2020-12695

Topics Covered

security advisory network threat mageia gupnp gssdp subscription request

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Mageia: 2020-0304 Moderate: gssdp/gupnp Subscription Request Risk

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Mageia: 2020-0304 Moderate: gssdp/gupnp Subscription Request Risk

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!