Mageia: 2021-0319 moderate: libupnp DNS Rebinding Attack

mageia

July 8, 2021

The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications

Summary

The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of the 'Host' header. This can be mitigated by using DNS revolvers which block DNS-rebinding attacks. The vulnerability is fixed in version 1.14.6 and later (CVE-2021-29462).

References

- https://bugs.mageia.org/show_bug.cgi?id=28923

- https://github.com/pupnp/pupnp/security/advisories/GHSA-6hqq-w3jq-9fhg

- https://www.cve.org/CVERecord?id=CVE-2021-29462

Topics Covered

security advisory moderate vulnerability libupnp Mageia DNS Rebinding

Resolution

SRPMS

- 7/core/libupnp-1.8.4-3.2.mga7

- 8/core/libupnp-1.14.6-1.mga8

Severity

important

Lowest

Low

Medium

High

Critical

Publication date: 08 Jul 2021

URL: https://advisories.mageia.org/MGASA-2021-0319.html

Type: security

CVE: CVE-2021-29462

Topics Covered

security advisory moderate vulnerability libupnp Mageia DNS Rebinding

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Mageia: 2021-0319 moderate: libupnp DNS Rebinding Attack

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Mageia: 2021-0319 moderate: libupnp DNS Rebinding Attack

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!