From Mageia wiki
Jump to: navigation, search
(Created page with "== MGASA-2013-0037 == {| |'''Date:''' |February 6th, 2013 |- |'''Affected releases:''' |2 |- |'''Media:''' |Core |} '''Description:'''<br/> '''Updated Packages:'''<br/> i586...")
 
 
Line 14: Line 14:
  
 
'''Description:'''<br/>
 
'''Description:'''<br/>
 +
Updated libupnp packages fix security vulnerabilities:<br/>
 +
 +
The Portable SDK for UPnP Devices libupnp library contains multiple buffer<br/>
 +
overflow vulnerabilities. Devices that use libupnp may also accept UPnP<br/>
 +
queries over the WAN interface, therefore exposing the vulnerabilities to<br/>
 +
the internet (CVE-2012-5958, CVE-2012-5959, CVE-2012-5960, CVE-2012-5961,<br/>
 +
CVE-2012-5962, CVE-2012-5963, CVE-2012-5964, CVE-2012-5965).<br/>
  
  
 
'''Updated Packages:'''<br/>
 
'''Updated Packages:'''<br/>
 
i586:<br/>
 
i586:<br/>
 +
libixml2-1.6.15-1.1.mga2.i586.rpm<br/>
 +
libthreadutil6-1.6.15-1.1.mga2.i586.rpm<br/>
 +
libupnp6-1.6.15-1.1.mga2.i586.rpm<br/>
 +
libupnp-devel-1.6.15-1.1.mga2.i586.rpm<br/>
 +
libupnp-debug-1.6.15-1.1.mga2.i586.rpm<br/>
  
 
x86_64:<br/>
 
x86_64:<br/>
 +
lib64ixml2-1.6.15-1.1.mga2.x86_64.rpm<br/>
 +
lib64threadutil6-1.6.15-1.1.mga2.x86_64.rpm<br/>
 +
lib64upnp6-1.6.15-1.1.mga2.x86_64.rpm<br/>
 +
lib64upnp-devel-1.6.15-1.1.mga2.x86_64.rpm<br/>
 +
libupnp-debug-1.6.15-1.1.mga2.x86_64.rpm<br/>
  
 
SRPMS:<br/>
 
SRPMS:<br/>
 +
libupnp-1.6.15-1.1.mga2.src.rpm<br/>
  
  
 
'''References:'''<br/>
 
'''References:'''<br/>
 +
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5958<br/>
 +
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5959<br/>
 +
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5960<br/>
 +
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5961<br/>
 +
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5962<br/>
 +
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5963<br/>
 +
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5964<br/>
 +
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5965<br/>
 +
http://www.kb.cert.org/vuls/id/922681<br/>
 +
http://www.debian.org/security/2013/dsa-2614<br/>
 +
https://bugs.mageia.org/show_bug.cgi?id=8974<br/>

Latest revision as of 21:03, 6 February 2013

MGASA-2013-0037

Date: February 6th, 2013
Affected releases: 2
Media: Core


Description:
Updated libupnp packages fix security vulnerabilities:

The Portable SDK for UPnP Devices libupnp library contains multiple buffer
overflow vulnerabilities. Devices that use libupnp may also accept UPnP
queries over the WAN interface, therefore exposing the vulnerabilities to
the internet (CVE-2012-5958, CVE-2012-5959, CVE-2012-5960, CVE-2012-5961,
CVE-2012-5962, CVE-2012-5963, CVE-2012-5964, CVE-2012-5965).


Updated Packages:
i586:
libixml2-1.6.15-1.1.mga2.i586.rpm
libthreadutil6-1.6.15-1.1.mga2.i586.rpm
libupnp6-1.6.15-1.1.mga2.i586.rpm
libupnp-devel-1.6.15-1.1.mga2.i586.rpm
libupnp-debug-1.6.15-1.1.mga2.i586.rpm

x86_64:
lib64ixml2-1.6.15-1.1.mga2.x86_64.rpm
lib64threadutil6-1.6.15-1.1.mga2.x86_64.rpm
lib64upnp6-1.6.15-1.1.mga2.x86_64.rpm
lib64upnp-devel-1.6.15-1.1.mga2.x86_64.rpm
libupnp-debug-1.6.15-1.1.mga2.x86_64.rpm

SRPMS:
libupnp-1.6.15-1.1.mga2.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5965
http://www.kb.cert.org/vuls/id/922681
http://www.debian.org/security/2013/dsa-2614
https://bugs.mageia.org/show_bug.cgi?id=8974

Retrieved from "https://wiki.mageia.org/mw-en/index.php?title=Support/Advisories/MGASA-2013-0037&oldid=14017"