| Summary: | libupnp new security issues fixed upstream in 1.6.18 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | critical | ||
| Priority: | Normal | CC: | davidwhodgins, fundawang, guillomovitch, n54, sysadmin-bugs, tmb |
| Version: | 2 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/536065/ | ||
| Whiteboard: | MGA2-64-OK MGA2-32-OK | ||
| Source RPM: | libupnp-1.6.17-1.mga3.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2013-02-05 19:15:15 CET
David Walser
2013-02-05 19:15:27 CET
CC: (none) => n54

Ahh, I just noticed Guillaume updated this in Cauldron yesterday.

CC: (none) => guillomovitch

Patched package uploaded for Mageia 2.

Patch added in Mageia 1 SVN.

Advisory:
========================

Updated libupnp packages fix security vulnerabilities:

The Portable SDK for UPnP Devices libupnp library contains multiple buffer overflow vulnerabilities. Devices that use libupnp may also accept UPnP queries over the WAN interface, therefore exposing the vulnerabilities to the internet (CVE-2012-5958, CVE-2012-5959, CVE-2012-5960, CVE-2012-5961, CVE-2012-5962, CVE-2012-5963, CVE-2012-5964, CVE-2012-5965).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5965
http://www.kb.cert.org/vuls/id/922681
http://www.debian.org/security/2013/dsa-2614
========================

Updated packages in core/updates_testing:
========================
libupnp6-1.6.15-1.1.mga2
libthreadutil6-1.6.15-1.1.mga2
libixml2-1.6.15-1.1.mga2
libupnp-devel-1.6.15-1.1.mga2

from libupnp-1.6.15-1.1.mga2.src.rpm

CC: (none) => fundawang
David Walser
2013-02-06 01:15:47 CET
Severity: normal => critical

Testing complete on Mageia 2 i586 and x86-64.

No PoC, so just testing that amule runs with the updates installed.

Could someone from the sysadmin team push the srpm libupnp-1.6.15-1.1.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates?

Advisory:

Updated libupnp packages fix security vulnerabilities:

The Portable SDK for UPnP Devices libupnp library contains multiple buffer overflow vulnerabilities. Devices that use libupnp may also accept UPnP queries over the WAN interface, therefore exposing the vulnerabilities to the internet (CVE-2012-5958, CVE-2012-5959, CVE-2012-5960, CVE-2012-5961, CVE-2012-5962, CVE-2012-5963, CVE-2012-5964, CVE-2012-5965).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5965
http://www.kb.cert.org/vuls/id/922681
http://www.debian.org/security/2013/dsa-2614
https://bugs.mageia.org/show_bug.cgi?id=8974

Keywords: (none) => validated_update

Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037

Status: NEW => RESOLVED |