Avoid restarting minidlna.service when rotating logs if it's not running. Fix CVE-2023-47430.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-0f490a9a10
2025-07-18 01:08:52.312447+00:00
--------------------------------------------------------------------------------

Name        : minidlna
Product     : Fedora 41
Version     : 1.3.3
Release     : 10.fc41
URL         : http://sourceforge.net/projects/minidlna/
Summary     : Lightweight DLNA/UPnP-AV server targeted at embedded systems
Description :
MiniDLNA (aka ReadyDLNA) is server software with the aim of being fully
compliant with DLNA/UPnP-AV clients. The minidlna daemon serves media files
(music, pictures, and video) to clients on your local network. Example clients
include applications such as Totem and XBMC, and devices such as portable media
players, smartphones, and televisions.

--------------------------------------------------------------------------------
Update Information:

Avoid restarting minidlna.service when rotating logs if it's not running. Fix
CVE-2023-47430.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 7 2025 Dominik Mierzejewski - 1.3.3-10
- use systemctl try-restart in postrotate script (resolves rhbz#2372859)
- attempt to fix CVE-2023-47430 (resolves rhbz#2271621)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2271621 - CVE-2023-47430 minidlna: Stack-buffer-overflow vulnerability in ReadyMedia [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2271621
  [ 2 ] Bug #2372859 - Use `systemctl try-restart` in logrotate postrotate script
        https://bugzilla.redhat.com/show_bug.cgi?id=2372859
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-0f490a9a10' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Avoid restarting minidlna.service when rotating logs if it's not running. Fix CVE-2023-47430.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-9fb8ee63fb
2025-07-18 01:05:30.483965+00:00
--------------------------------------------------------------------------------

Name        : minidlna
Product     : Fedora 42
Version     : 1.3.3
Release     : 13.fc42
URL         : http://sourceforge.net/projects/minidlna/
Summary     : Lightweight DLNA/UPnP-AV server targeted at embedded systems
Description :
MiniDLNA (aka ReadyDLNA) is server software with the aim of being fully
compliant with DLNA/UPnP-AV clients. The minidlna daemon serves media files
(music, pictures, and video) to clients on your local network. Example clients
include applications such as Totem and XBMC, and devices such as portable media
players, smartphones, and televisions.

--------------------------------------------------------------------------------
Update Information:

Avoid restarting minidlna.service when rotating logs if it's not running. Fix
CVE-2023-47430.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 7 2025 Dominik Mierzejewski - 1.3.3-13
- use systemctl try-restart in postrotate script (resolves rhbz#2372859)
- attempt to fix CVE-2023-47430 (resolves rhbz#2271621)
* Tue May 27 2025 Jitka Plesnikova - 1.3.3-12
- Rebuilt for flac 1.5.0
* Tue Feb 11 2025 Zbigniew Jędrzejewski-Szmek - 1.3.3-11
- Drop call to %sysusers_create_compat
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2271621 - CVE-2023-47430 minidlna: Stack-buffer-overflow vulnerability in ReadyMedia [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2271621
  [ 2 ] Bug #2372859 - Use `systemctl try-restart` in logrotate postrotate script
        https://bugzilla.redhat.com/show_bug.cgi?id=2372859
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-9fb8ee63fb' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Severity: Important. LinuxSecurity.com Team
An update that fixes one vulnerability is now available.

openSUSE Security Update: Security update for minidlna
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2024:0093-1
Rating:             important
References:         #1222007
Cross-References:   CVE-2023-33476
CVSS scores:
                    CVE-2023-33476 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    openSUSE Backports SLE-15-SP5
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for minidlna fixes the following issues:

Update to 1.3.3 (boo#1222007):

- Fixed HTTP chunk length parsing. (CVE-2023-33476)
- Improved Dutch and Swedish translations.
- Fixed directory symlink deletion handling.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP5:

    zypper in -t patch openSUSE-2024-93=1

Package List:

- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):

    minidlna-1.3.3-bp155.2.3.1

References:

  https://www.suse.com/security/cve/CVE-2023-33476.html
  https://bugzilla.suse.com/1222007

Minidlna security patch for openSUSE resolves CVE-2023-33476, providing crucial updates along with detailed setup guidelines.

Severity: Important. LinuxSecurity.com Team
Several security issues were fixed in ReadyMedia.

==========================================================================
Ubuntu Security Notice USN-6398-1
September 27, 2023

minidlna vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in ReadyMedia.

Software Description:
- minidlna: lightweight DLNA/UPnP-AV server targeted at embedded systems

Details:

It was discovered that ReadyMedia was vulnerable to DNS rebinding attacks.
A remote attacker could possibly use this issue to trick the local DLNA
server to leak information. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-26505)

It was discovered that ReadyMedia incorrectly handled certain HTTP requests
using chunked transport encoding. A remote attacker could possibly use this
issue to cause buffer overflows, resulting in out-of-bounds reads and writes.
(CVE-2023-33476)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
  minidlna 1.3.0+dfsg-2.2ubuntu0.1

Ubuntu 22.04 LTS:
  minidlna 1.3.0+dfsg-2.1ubuntu0.1

Ubuntu 20.04 LTS:
  minidlna 1.2.1+dfsg-1ubuntu0.20.04.2

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  minidlna 1.2.1+dfsg-1ubuntu0.18.04.1+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  minidlna 1.1.5+dfsg-2ubuntu0.1+esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6398-1
  CVE-2022-26505, CVE-2023-33476

Package Information:
  https://launchpad.net/ubuntu/+source/minidlna/1.3.0+dfsg-2.2ubuntu0.1
  https://launchpad.net/ubuntu/+source/minidlna/1.3.0+dfsg-2.1ubuntu0.1
  https://launchpad.net/ubuntu/+source/minidlna/1.2.1+dfsg-1ubuntu0.20.04.2

Uncover significant challenges within ReadyMedia impacting various iterations of Ubuntu and explore effective solutions through system updates.

LinuxSecurity.com Team
Out-of-bounds read/write due to buffer overflow (CVE-2023-33476)

MGASA-2023-0224 - Updated minidlna packages fix security vulnerability

Publication date: 07 Jul 2023
URL: https://advisories.mageia.org/MGASA-2023-0224.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2023-33476

Out-of-bounds read/write due to buffer overflow (CVE-2023-33476)

References:
- https://bugs.mageia.org/show_bug.cgi?id=32041
- https://lists.debian.org/debian-security-announce/2023/msg00125.html
- https://www.cve.org/CVERecord?id=CVE-2023-33476

SRPMS:
- 8/core/minidlna-1.3.3-1.mga8

Mageia releases crucial security patch for Minidlna addressing buffer overflow vulnerability, dated July 07, 2023, with a priority rating of critical.

Severity: Critical. LinuxSecurity.com Team
A heap-based buffer overflow vulnerability was found in the HTTP chunk parsing code of minidlna, a lightweight DLNA/UPnP-AV server, which may result in denial of service or the execution of arbitrary code.

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3465-1
A heap-based buffer overflow vulnerability was found in the HTTP chunk parsing code of minidlna, a lightweight DLNA/UPnP-AV server, which may result in denial of service or the execution of arbitrary code.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5434-1
A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files. (CVE-2022-26505)

MGASA-2022-0391 - Updated minidlna packages fix security vulnerability

Publication date: 28 Oct 2022
URL: https://advisories.mageia.org/MGASA-2022-0391.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-26505

A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files. (CVE-2022-26505)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30115
- https://www.openwall.com/lists/oss-security/2022/03/03/1
- https://www.openwall.com/lists/oss-security/2022/03/06/1
- https://lists.debian.org/debian-lts-announce/2022/04/msg00005.html
- https://www.cve.org/CVERecord?id=CVE-2022-26505

SRPMS:
- 8/core/minidlna-1.3.2-1.mga8

Recent updates to minidlna packages rectify a critical DNS rebinding vulnerability that puts media files at risk on Mageia platforms.

Severity: Critical. LinuxSecurity.com Team