A CVE has been assigned for a security issue in libupnp: http://openwall.com/lists/oss-security/2016/07/20/5 A patch to fix it is linked in the message above. Patched packages uploaded for Mageia 5 and Cauldron. Advisory: ======================== Updated libupnp packages fix security vulnerability: libupnp's default behavior allows an unauthenticated user access to a server's filesystem through POST and GET requests (CVE-2016-6255). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6255 http://openwall.com/lists/oss-security/2016/07/20/5 ======================== Updated packages in core/updates_testing: ======================== libupnp6-1.6.19-4.1.mga5 libthreadutil6-1.6.19-4.1.mga5 libixml2-1.6.19-4.1.mga5 libupnp-devel-1.6.19-4.1.mga5 from libupnp-1.6.19-4.1.mga5.src.rpm
Used by amule, openclonk, retroshare, ushare, and vlc-plugin-upnp. Not sure which ones of those would enable the HTTP server.
MGA5-32 on AcerD60 Xfce No installation issues Used test as per bug14143 Comment 9, used VLC to play music , works OK.
CC: (none) => herman.viaene
Whiteboard: (none) => has_procedure MGA5-32-OK
Keywords: (none) => validated_updateWhiteboard: has_procedure MGA5-32-OK => has_procedure MGA5-32-OK advisoryCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0266.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/695558/