From Mageia wiki

MGASA-2013-0037

Date: February 6th, 2013
Affected releases: 2
Media: Core


Description:
Updated libupnp packages fix security vulnerabilities:

The Portable SDK for UPnP Devices (libupnp) library contains multiple buffer
overflow vulnerabilities. Devices that use libupnp may also accept UPnP
queries over the WAN interface, thereby exposing the vulnerabilities to
the Internet (CVE-2012-5958, CVE-2012-5959, CVE-2012-5960, CVE-2012-5961,
CVE-2012-5962, CVE-2012-5963, CVE-2012-5964, CVE-2012-5965).


Updated Packages:
i586:
libixml2-1.6.15-1.1.mga2.i586.rpm
libthreadutil6-1.6.15-1.1.mga2.i586.rpm
libupnp6-1.6.15-1.1.mga2.i586.rpm
libupnp-devel-1.6.15-1.1.mga2.i586.rpm
libupnp-debug-1.6.15-1.1.mga2.i586.rpm

x86_64:
lib64ixml2-1.6.15-1.1.mga2.x86_64.rpm
lib64threadutil6-1.6.15-1.1.mga2.x86_64.rpm
lib64upnp6-1.6.15-1.1.mga2.x86_64.rpm
lib64upnp-devel-1.6.15-1.1.mga2.x86_64.rpm
libupnp-debug-1.6.15-1.1.mga2.x86_64.rpm

SRPMS:
libupnp-1.6.15-1.1.mga2.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5965
http://www.kb.cert.org/vuls/id/922681
http://www.debian.org/security/2013/dsa-2614
https://bugs.mageia.org/show_bug.cgi?id=8974