Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

openSUSE: 2020:2194-1 moderate: minidlna buffer overflow

opensuse
Calendar Grey December 7, 2020
Dist Opensuse Esm H88
New update released for minidlna on openSUSE, addressing moderate vulnerabilities and improving security functions.
An update that fixes two vulnerabilities is now available

Description

This update for minidlna fixes the following issues:

minidlna was updated to version 1.3.0 (boo#1179447)

- Fixed some build warnings when building with musl.

- Use $USER instead of $LOGNAME for the default friendly name.

- Fixed build with GCC 10

- Fixed some warnings from newer compilers

- Disallow negative HTTP chunk lengths. [CVE-2020-28926]

- Validate SUBSCRIBE callback URL. [CVE-2020-12695]

- Fixed spurious warnings with ogg coverart

- Fixed an issue with VLC where browse results would be truncated.

- Fixed bookmarks on Samsung Q series

- Added DSD file support.

- Fixed potential stack smash vulnerability in getsyshwaddr on macOS.

- Will now reload the log file on SIGHUP.

- Worked around bad SearchCriteria from the Control4 Android app.

- Increased max supported network addresses to 8.

- Added forced alphasort capability.

- Added episode season and number metadata...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory moderate update buffer overflow moderate severity openSUSE minidlna stack smash network address

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-2194=1

Package List

- openSUSE Leap 15.1 (x86_64):

minidlna-1.3.0-lp151.3.3.1

minidlna-debuginfo-1.3.0-lp151.3.3.1

minidlna-debugsource-1.3.0-lp151.3.3.1

References

https://www.suse.com/security/cve/CVE-2020-12695.html

https://www.suse.com/security/cve/CVE-2020-28926.html

https://bugzilla.suse.com/1179447

openSUSE Security Announce mailing list -- security-announce@lists.opensuse.org

To unsubscribe, email security-announce-leave@lists.opensuse.org

List Netiquette:

List Archives:

Announcement ID: openSUSE-SU-2020:2194-1
Rating: moderate
Affected Products: openSUSE Leap 15.1 .

Topics%20covered

Topics Covered

security advisory moderate update buffer overflow moderate severity openSUSE minidlna stack smash network address

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here