Alerts This Week
Warning Icon 1 540
Alerts This Week
Warning Icon 1 540

Ubuntu 14.04 LTS: USN-2280-2 Critical MiniUPnPc RCE Security Flaw

Calendar Jul 16, 2014 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service buffer overflow critical Ubuntu miniupnpc
MiniUPnPc could be made to crash if it received specially crafted network traffic. 
=========================================================================Ubuntu Security Notice USN-2280-1
July 16, 2014

miniupnpc vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS
- Ubuntu 13.10
- Ubuntu 12.04 LTS

Summary:

MiniUPnPc could be made to crash if it received specially crafted network
traffic.

Software Description:
- miniupnpc: UPnP IGD client lightweight library client

Details:

It was discovered that MiniUPnPc incorrectly handled certain buffer
lengths. A remote attacker could possibly use this issue to cause
applications using MiniUPnPc to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  libminiupnpc8                   1.6-3ubuntu2.14.04.1

Ubuntu 13.10:
  libminiupnpc8                   1.6-3ubuntu2.13.10.1

Ubuntu 12.04 LTS:
  libminiupnpc8                   1.6-3ubuntu1.1

After a standard system update you need to restart your session to make all
the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2280-1
  CVE-2014-3985

Package Information:
  https://launchpad.net/ubuntu/+source/miniupnpc/1.6-3ubuntu2.14.04.1
  https://launchpad.net/ubuntu/+source/miniupnpc/1.6-3ubuntu2.13.10.1
  https://launchpad.net/ubuntu/+source/miniupnpc/1.6-3ubuntu1.1

Ubuntu 14.04 LTS: USN-2280-2 Critical MiniUPnPc RCE Security Flaw

ubuntu
Calendar Grey July 16, 2014
Dist Ubuntu Esm H88
Address the MiniUPnPc instability threat by implementing Ubuntu Security Notice USN-2280-1 updates across all impacted releases.
MiniUPnPc could be made to crash if it received specially crafted network traffic.

Summary

Topics%20covered

Topics Covered

security advisory denial of service buffer overflow critical Ubuntu miniupnpc

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: libminiupnpc8 1.6-3ubuntu2.14.04.1 Ubuntu 13.10: libminiupnpc8 1.6-3ubuntu2.13.10.1 Ubuntu 12.04 LTS: libminiupnpc8 1.6-3ubuntu1.1 After a standard system update you need to restart your session to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2280-1

CVE-2014-3985

Severity
critical
Lowest
Low
Medium
High
Critical

July 16, 2014

Topics%20covered

Topics Covered

security advisory denial of service buffer overflow critical Ubuntu miniupnpc

Package Information

https://launchpad.net/ubuntu/+source/miniupnpc/1.6-3ubuntu2.14.04.1 https://launchpad.net/ubuntu/+source/miniupnpc/1.6-3ubuntu2.13.10.1 https://launchpad.net/ubuntu/+source/miniupnpc/1.6-3ubuntu1.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here