MGASA-2021-0319 - Updated libupnp packages fix a security vulnerability

Publication date: 08 Jul 2021
URL: https://advisories.mageia.org/MGASA-2021-0319.html
Type: security
Affected Mageia releases: 7, 8
CVE: CVE-2021-29462

The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of the 'Host' header. This can be mitigated by using DNS resolvers which block DNS-rebinding attacks. The vulnerability is fixed in version 1.14.6 and later (CVE-2021-29462).

References:
- https://bugs.mageia.org/show_bug.cgi?id=28923
- https://github.com/pupnp/pupnp/security/advisories/GHSA-6hqq-w3jq-9fhg
- https://www.cve.org/CVERecord?id=CVE-2021-29462

SRPMS:
- 7/core/libupnp-1.8.4-3.2.mga7
- 8/core/libupnp-1.14.6-1.mga8

Mageia has released updates for libupnp packages to address a DNS rebinding security flaw, introducing version 1.14.6 and above.
Severity: Important
LinuxSecurity.com Team
Arch Linux Security Advisory ASA-202104-8
=========================================

Severity: High
Date    : 2021-04-29
CVE-ID  : CVE-2021-29462
Package : libupnp
Type    : content spoofing
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1844

Summary
=======

The package libupnp before version 1.14.6-1 is vulnerable to content spoofing.

Resolution
==========

Upgrade to 1.14.6-1.

# pacman -Syu "libupnp>=1.14.6-1"

The problem has been fixed upstream in version 1.14.6.

Workaround
==========

None.

Description
===========

The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of the `Host` header. This can be mitigated by using DNS resolvers which block DNS-rebinding attacks. The vulnerability is fixed in version 1.14.6 and later.

Impact
======

An attacker is able to perform a DNS rebinding attack against a client browser to trigger local UPnP services. This can be used to, for example, exfiltrate or tamper with data of a client.

References
==========

https://github.com/pupnp/pupnp/security/advisories/GHSA-6hqq-w3jq-9fhg
https://github.com/pupnp/pupnp/commit/21fd85815da7ed2578d0de7cac4c433008f0ecd4
https://security.archlinux.org/CVE-2021-29462

Critical update required for Arch Linux: libupnp exposed to potential content spoofing risks. Please upgrade to version 1.14.6-1 without delay.
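The Host header check whose absence the Mageia and Arch advisories above describe, as an added example written for this page and not code from pupnp: a device that knows the addresses it listens on accepts a request only when the Host header names one of them, so a name an attacker's DNS rebinds to the device never matches. The address list and sample requests are constructed.

```c
/* Added example, not libupnp code: accept an HTTP request only when its Host
 * header names one of the device's own addresses (constructed sample data). */
#include <string.h>
#include <strings.h>

/* Constructed: the addresses this device is bound to and advertises. */
static const char *const device_addrs[] = { "192.168.1.20", "fe80::1" };
static const size_t device_addr_count = 2;

/* Return 1 if the Host value names one of our own addresses, else 0.
 * Accepts "addr", "addr:port" and "[v6addr]:port" (RFC 7230 forms). */
int host_header_allowed(const char *host, const char *const *own, size_t n)
{
    char buf[256], *end;
    const char *name = buf;
    size_t len, i;
    if (host == NULL)
        return 0;
    host += strspn(host, " \t");                /* optional leading whitespace */
    len = strcspn(host, " \t\r\n");             /* value ends at whitespace/CRLF */
    if (len == 0 || len >= sizeof buf)
        return 0;
    memcpy(buf, host, len);
    buf[len] = '\0';
    if (buf[0] == '[') {                        /* IPv6 literal: [addr] or [addr]:port */
        end = strchr(buf, ']');
        if (end == NULL || (end[1] != '\0' && end[1] != ':'))
            return 0;
        *end = '\0';
        name = buf + 1;
    } else if ((end = strchr(buf, ':')) != NULL) { /* IPv4 or name with port */
        *end = '\0';                            /* bare v6 (no brackets) is invalid and fails */
    }
    for (i = 0; i < n; i++)
        if (strcmp(name, own[i]) == 0)
            return 1;
    return 0;
}

/* Locate the Host header in a raw request (header names compared
 * case-insensitively) and validate it; a request without Host is rejected. */
int request_host_allowed(const char *req, const char *const *own, size_t n)
{
    const char *line = strstr(req, "\r\n");     /* skip the request line */
    while (line != NULL) {
        line += 2;
        if (*line == '\r' || *line == '\0')
            break;                              /* blank line: headers ended */
        if (strncasecmp(line, "Host:", 5) == 0)
            return host_header_allowed(line + 5, own, n);
        line = strstr(line, "\r\n");
    }
    return 0;
}
```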
libupnp, the portable SDK for UPnP Devices allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.

-----------------------------------------------------------------------
Debian LTS Advisory DLA-2585-1
MGASA-2020-0270 - Updated libupnp packages fix security vulnerability

Publication date: 04 Jul 2020
URL: https://advisories.mageia.org/MGASA-2020-0270.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-13848

The updated packages fix a security vulnerability:

Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c. (CVE-2020-13848)

References:
- https://bugs.mageia.org/show_bug.cgi?id=26752
- https://lists.debian.org/debian-lts-announce/2020/06/msg00006.html
- https://www.cve.org/CVERecord?id=CVE-2020-13848

SRPMS:
- 7/core/libupnp-1.8.4-3.1.mga7

Recent libupnp updates address a critical security vulnerability in Mageia. Find out more about the potential dangers associated with remote exploits.
openSUSE Security Update: Security update for libupnp
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2020:0805-1
Rating:             moderate
References:         #1172625
Cross-References:   CVE-2020-13848
Affected Products:  openSUSE Leap 15.1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for libupnp fixes the following issues:

- CVE-2020-13848: A NULL pointer dereference denial of service via a crafted SSDP message was fixed (boo#1172625)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:
  zypper in -t patch openSUSE-2020-805=1

Package List:

- openSUSE Leap 15.1 (i586 x86_64):
  libupnp-debugsource-1.6.25-lp151.3.3.1
  libupnp-devel-1.6.25-lp151.3.3.1
  libupnp6-1.6.25-lp151.3.3.1
  libupnp6-debuginfo-1.6.25-lp151.3.3.1
- openSUSE Leap 15.1 (x86_64):
  libupnp6-32bit-1.6.25-lp151.3.3.1
  libupnp6-32bit-debuginfo-1.6.25-lp151.3.3.1

References:

https://www.suse.com/security/cve/CVE-2020-13848.html
https://bugzilla.suse.com/1172625

An important patch has been released for openSUSE's libupnp that tackles a moderate denial of service vulnerability. Discover the details of the corrective measures implemented.
openSUSE Security Update: Security update for libupnp
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2020:0821-1
Rating:             moderate
References:         #1172625
Cross-References:   CVE-2020-13848
Affected Products:  openSUSE Backports SLE-15-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for libupnp fixes the following issues:

- CVE-2020-13848: A NULL pointer dereference denial of service via a crafted SSDP message was fixed (boo#1172625)

This update was imported from the openSUSE:Leap:15.1:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP1:
  zypper in -t patch openSUSE-2020-821=1

Package List:

- openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):
  libupnp-devel-1.6.25-bp151.4.3.1
  libupnp6-1.6.25-bp151.4.3.1
- openSUSE Backports SLE-15-SP1 (aarch64_ilp32):
  libupnp6-64bit-1.6.25-bp151.4.3.1

References:

https://www.suse.com/security/cve/CVE-2020-13848.html
https://bugzilla.suse.com/1172625

This release tackles a medium-risk flaw in libupnp, fixing a null pointer dereference that could lead to a denial of service.
Package        : libupnp
Version        : 1.6.19+git20141001-1+deb8u2
CVE ID         : CVE-2020-13848
Debian Bug     : 962282

libupnp, the portable SDK for UPnP Devices allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c. This crash can be triggered by sending a malformed SUBSCRIBE or UNSUBSCRIBE using any of the attached files.

For Debian 8 "Jessie", this problem has been fixed in version 1.6.19+git20141001-1+deb8u2.

We recommend that you upgrade your libupnp packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

libupnp security patch DLA-2238-1 addresses DoS vulnerability on Debian 8, mitigating risks from remote exploitation attempts.
Severity: Important
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201701-52
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
   Title: libupnp: Multiple vulnerabilities
    Date: January 23, 2017
    Bugs: #589136, #598202
      ID: 201701-52

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in libupnp, the worst of which could lead to the execution of arbitrary code.

Background
==========

libupnp is a portable, open source, UPnP development kit.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-libs/libupnp           < 1.6.21                    >= 1.6.21

Description
===========

Multiple vulnerabilities have been discovered in libupnp. Please review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could arbitrarily write files to a user's file system, cause a Denial of Service condition, or execute arbitrary code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libupnp users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/libupnp-1.6.21"

References
==========

[ 1 ] CVE-2016-6255
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6255
[ 2 ] CVE-2016-8863
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8863

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/201701-52

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to