Stay Secure with the Latest Linux Advisories

security advisorymoderateupdate

openSUSE: 2020:2194-1 moderate: minidlna buffer overflow

An update that fixes two vulnerabilities is now available. . openSUSE Security Update: Security update for minidlna ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:2194-1 Rating: moderate References: #1179447 Cross-References: CVE-2020-12695 CVE-2020-28926 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for minidlna fixes the following issues: minidlna was updated to version 1.3.0 (boo#1179447) - Fixed some build warnings when building with musl. - Use $USER instead of $LOGNAME for the default friendly name. - Fixed build with GCC 10 - Fixed some warnings from newer compilers - Disallow negative HTTP chunk lengths. [CVE-2020-28926] - Validate SUBSCRIBE callback URL. [CVE-2020-12695] - Fixed spurious warnings with ogg coverart - Fixed an issue with VLC where browse results would be truncated. - Fixed bookmarks on Samsung Q series - Added DSD file support. - Fixed potential stack smash vulnerability in getsyshwaddr on macOS. - Will now reload the log file on SIGHUP. - Worked around bad SearchCriteria from the Control4 Android app. - Increased max supported network addresses to 8. - Added forced alphasort capability. - Added episode season and number metadata support. - Enabled subtitles by default for unknown DLNA clients, and add enable_subtitles config option. - Fixed discovery when connected to certain WiFi routers. - Added FreeBSD kqueue support. - Added the ability to set the group to run as. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can runthe command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-2194=1 Package List: - openSUSE Leap 15.1 (x86_64): minidlna-1.3.0-lp151.3.3.1 minidlna-debuginfo-1.3.0-lp151.3.3.1 minidlna-debugsource-1.3.0-lp151.3.3.1 References: https://www.suse.com/security/cve/CVE-2020-12695.html https://www.suse.com/security/cve/CVE-2020-28926.html https://bugzilla.suse.com/1179447 _______________________________________________ openSUSE Security Announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe, email This email address is being protected from spambots. You need JavaScript enabled to view it. List Netiquette: List Archives: . New update released for minidlna on openSUSE, addressing moderate vulnerabilities and improving security functions.. openSUSE,minidlna,update,security patch. . LinuxSecurity.com Team

Dec 07, 2020 OpenSUSE