MGASA-2021-0319

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2021-0319.html

Import Source

https://advisories.mageia.org/MGASA-2021-0319.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2021-0319

Related

CVE-2021-29462

Published

2021-07-08T22:43:19Z

Modified

2021-07-08T21:25:26Z

Summary

Updated libupnp packages fix a security vulnerability

Details

The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of the 'Host' header. This can be mitigated by using DNS revolvers which block DNS-rebinding attacks. The vulnerability is fixed in version 1.14.6 and later (CVE-2021-29462).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / libupnp

Package

Name: libupnp
Purl: pkg:rpm/mageia/libupnp?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.4-3.2.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:8 / libupnp

Package

Name: libupnp
Purl: pkg:rpm/mageia/libupnp?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.14.6-1.mga8

Ecosystem specific

{
    "section": "core"
}