--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2e8a8fd35b
2026-04-30 01:28:38.068264+00:00
--------------------------------------------------------------------------------

Name        : miniupnpd
Product     : Fedora 42
Version     : 2.3.10
Release     : 1.fc42
URL         : https://miniupnp.tuxfamily.org/
Summary     : Lightweight UPnP IGD & PCP/NAT-PMP daemon
Description :
The MiniUPnP daemon is an UPnP IGD & PCP/NAT-PMP daemon for gateway routers.
UPnP IGD & PCP/NAT-PMP are used to improve internet connectivity for devices
behind a NAT router. Any peer to peer network application such as games, IM,
etc. can benefit from a NAT router supporting UPnP IGD & PCP/NAT-PMP.

--------------------------------------------------------------------------------
Update Information:

2026/03/24:
  fix missing fclose and potential double free in option file parsing
2026/03/23:
  upnphttp.c: fix removal of quotes in ParseHttpHeaders()
  minixml.c: fix buffer read overflow
2026/02/05:
  Rewrite permission line parser
2025/05/26:
  Fix false negative filtered STUN CGNAT test result for unsupported servers #825
2025/05/24:
  Fix Mac OS X 10.9 build
2025/05/15:
  build: teststun executable
2025/04/28:
  pf: fix delete_pinhole for openbsd. Was broken since miniupnpd 2.3.7
2025/04/26:
  Fix parsing of interfaces names starting with a digit
  nftables: add counter for DNAT rule (ENABLE_NFT_RULE_COUNTER in config.h)
  nftables: improve scripts to support already existing tables
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 20 2026 - Michael Cronenworth - 2.3.10-1
- Version update
* Fri Jan 16 2026 Fedora Release Engineering - 2.3.9-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Thu Jul 24 2025 Fedora Release Engineering - 2.3.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2459688 - CVE-2026-5720 miniupnpd: miniupnpd: Denial of service or information disclosure due to integer underflow in SOAPAction header parsing. [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2459688
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2e8a8fd35b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
-- 
_______________________________________________
package-announce mailing list

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-5f908cb040
2026-04-30 01:19:30.574294+00:00
--------------------------------------------------------------------------------

Name        : miniupnpd
Product     : Fedora 43
Version     : 2.3.10
Release     : 1.fc43
URL         : https://miniupnp.tuxfamily.org/
Summary     : Lightweight UPnP IGD & PCP/NAT-PMP daemon
Description :
The MiniUPnP daemon is an UPnP IGD & PCP/NAT-PMP daemon for gateway routers.
UPnP IGD & PCP/NAT-PMP are used to improve internet connectivity for devices
behind a NAT router. Any peer to peer network application such as games, IM,
etc. can benefit from a NAT router supporting UPnP IGD & PCP/NAT-PMP.

--------------------------------------------------------------------------------
Update Information:

2026/03/24:
  fix missing fclose and potential double free in option file parsing
2026/03/23:
  upnphttp.c: fix removal of quotes in ParseHttpHeaders()
  minixml.c: fix buffer read overflow
2026/02/05:
  Rewrite permission line parser
2025/05/26:
  Fix false negative filtered STUN CGNAT test result for unsupported servers #825
2025/05/24:
  Fix Mac OS X 10.9 build
2025/05/15:
  build: teststun executable
2025/04/28:
  pf: fix delete_pinhole for openbsd. Was broken since miniupnpd 2.3.7
2025/04/26:
  Fix parsing of interfaces names starting with a digit
  nftables: add counter for DNAT rule (ENABLE_NFT_RULE_COUNTER in config.h)
  nftables: improve scripts to support already existing tables
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 20 2026 - Michael Cronenworth - 2.3.10-1
- Version update
* Fri Jan 16 2026 Fedora Release Engineering - 2.3.9-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2459688 - CVE-2026-5720 miniupnpd: miniupnpd: Denial of service or information disclosure due to integer underflow in SOAPAction header parsing. [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2459688
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-5f908cb040' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-f933979509
2026-04-30 00:52:11.847682+00:00
--------------------------------------------------------------------------------

Name        : miniupnpd
Product     : Fedora 44
Version     : 2.3.10
Release     : 1.fc44
URL         : https://miniupnp.tuxfamily.org/
Summary     : Lightweight UPnP IGD & PCP/NAT-PMP daemon
Description :
The MiniUPnP daemon is an UPnP IGD & PCP/NAT-PMP daemon for gateway routers.
UPnP IGD & PCP/NAT-PMP are used to improve internet connectivity for devices
behind a NAT router. Any peer to peer network application such as games, IM,
etc. can benefit from a NAT router supporting UPnP IGD & PCP/NAT-PMP.

--------------------------------------------------------------------------------
Update Information:

2026/03/24:
  fix missing fclose and potential double free in option file parsing
2026/03/23:
  upnphttp.c: fix removal of quotes in ParseHttpHeaders()
  minixml.c: fix buffer read overflow
2026/02/05:
  Rewrite permission line parser
2025/05/26:
  Fix false negative filtered STUN CGNAT test result for unsupported servers #825
2025/05/24:
  Fix Mac OS X 10.9 build
2025/05/15:
  build: teststun executable
2025/04/28:
  pf: fix delete_pinhole for openbsd. Was broken since miniupnpd 2.3.7
2025/04/26:
  Fix parsing of interfaces names starting with a digit
  nftables: add counter for DNAT rule (ENABLE_NFT_RULE_COUNTER in config.h)
  nftables: improve scripts to support already existing tables
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 20 2026 - Michael Cronenworth - 2.3.10-1
- Version update
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2459688 - CVE-2026-5720 miniupnpd: miniupnpd: Denial of service or information disclosure due to integer underflow in SOAPAction header parsing. [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2459688
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-f933979509' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

=========================================================================
Ubuntu Security Notice USN-4542-1
September 25, 2020

miniupnpd vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in MiniUPnPd.

Software Description:
- miniupnpd: UPnP and NAT-PMP daemon for gateway routers

Details:

It was discovered that MiniUPnPd did not properly validate callback
addresses. A remote attacker could possibly use this issue to expose
sensitive information. (CVE-2019-12107)

It was discovered that MiniUPnPd incorrectly handled unpopulated user XML
input. An attacker could possibly use this issue to cause MiniUPnPd to
crash, resulting in a denial of service. (CVE-2019-12108, CVE-2019-12109)

It was discovered that MiniUPnPd incorrectly handled an empty description
when port mapping. An attacker could possibly use this issue to cause
MiniUPnPd to crash, resulting in a denial of service. (CVE-2019-12110)

It was discovered that MiniUPnPd did not properly parse certain PCP
requests. An attacker could possibly use this issue to cause MiniUPnPd to
crash, resulting in a denial of service. (CVE-2019-12111)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  miniupnpd 1.8.20140523-4.1+deb9u2build0.16.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4542-1
  CVE-2019-12107, CVE-2019-12108, CVE-2019-12109, CVE-2019-12110,
  CVE-2019-12111

Package Information:
  https://launchpad.net/ubuntu/+source/miniupnpd/1.8.20140523-4.1+deb9u2build0.16.04.1

Security flaws in MiniUPnPd rectified in Ubuntu 16.04 LTS, eliminating remote exploitation risks through patch installations.

LinuxSecurity.com Team

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-0a26e06dd5
2019-09-18 00:01:15.683440
--------------------------------------------------------------------------------

Name        : miniupnpd
Product     : Fedora 31
Version     : 2.1
Release     : 7.fc31
URL         : http://miniupnp.free.fr/
Summary     : Daemon to offer UPnP-IGD and NAT-PMP support
Description :
The MiniUPnP daemon is a UPnP Internet Gateway Device. UPnP and NAT-PMP are
used to improve internet connectivity for devices behind a NAT router. Any
peer to peer network application such as games, IM, etc. can benefit from a
NAT router supporting UPnP and/or NAT-PMP.

--------------------------------------------------------------------------------
Update Information:

Security patches.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1711245 - CVE-2019-12111 miniupnpd: null pointer dereference in copyIPv6IfDifferent in pcpserver.c causing denial of service
        https://bugzilla.redhat.com/show_bug.cgi?id=1711245
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-0a26e06dd5' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Package        : miniupnpd
Version        : 1.8.20140523-4+deb8u1
CVE ID         : CVE-2017-1000494 CVE-2019-12107 CVE-2019-12108
                 CVE-2019-12109 CVE-2019-12110 CVE-2019-12111

Ben Barnea and colleagues from VDOO discovered several vulnerabilities in
miniupnpd, a small daemon that provides UPnP Internet Gateway Device and
Port Mapping Protocol services.
The issues are basically information leak, null pointer dereferences and
uses after free.

For Debian 8 "Jessie", these problems have been fixed in version
1.8.20140523-4+deb8u1.

We recommend that you upgrade your miniupnpd packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Enhance miniupnpd to address severe vulnerabilities such as data exposure. Find further information in this security bulletin.

Severity: Critical.

LinuxSecurity.com Team