Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 16.04 LTS: USN-4542-1 Moderate: MiniUPnPd DoS Issues

ubuntu
Calendar Grey September 25, 2020
Dist Ubuntu Esm H88
Security flaws in MiniUPnPd rectified in Ubuntu 16.04 LTS, eliminating remote exploitation risks through patch installations.
Several security issues were fixed in MiniUPnPd.

Summary

Several security issues were fixed in MiniUPnPd.

Software Description:

- miniupnpd: UPnP and NAT-PMP daemon for gateway routers

Details:

It was discovered that MiniUPnPd did not properly validate callback

addresses. A remote attacker could possibly use this issue to expose

sensitive information. (CVE-2019-12107)

It was discovered that MiniUPnPd incorrectly handled unpopulated user XML

input. An attacker could possibly use this issue to cause MiniUPnPd to

crash, resulting in a denial of service. (CVE-2019-12108, CVE-2019-12109)

It was discovered that MiniUPnPd incorrectly handled an empty description

when port mapping. An attacker could possibly use this issue to cause

MiniUPnPd to crash, resulting in a denial of service. (CVE-2019-12110)

It was discovered that MiniUPnPd did not properly parse certain PCP

requests. An attacker could possibly use this issue to cause MiniUPnPd to

crash, resulting in a denial of service. (CVE-2019-12111)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  miniupnpd                       1.8.20140523-4.1+deb9u2build0.16.04.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4542-1

CVE-2019-12107, CVE-2019-12108, CVE-2019-12109, CVE-2019-12110,

CVE-2019-12111

September 25, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here