[SECURITY] [DLA 454-1] minissdpd security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 454-1] minissdpd security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Tue, 3 May 2016 22:29:30 +0200 (CEST)
Message-id: <[🔎] alpine.DEB.2.02.1605032228230.7728@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : minissdpd
Version        : 1.1.20120121-1+deb7u1
CVE ID         : CVE-2016-3178 CVE-2016-3179

The minissdpd daemon contains a improper validation of array index
vulnerability (CWE-129) when processing requests sent to the Unix
socket at /var/run/minissdpd.sock the Unix socket can be accessed
by an unprivileged user to send invalid request causes an
out-of-bounds memory access that crashes the minissdpd daemon.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJXKQoqXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHSYwP/0AyUDVqdegSSM54+Hk6eTpb
BL8oY2ZbYX91EVmnquAJRncWAhFJBKN9KYjEQW+9VGPag1SmiasdzSWW6qMeCDOg
sV6ZuPz7DDxIvPz3ZEV6qou/5/Hd3CYhYD4td+/gvDOLQ9aXGwPaQrE/5rv7piU4
5Oio16sHLg/FWYT2OO1ITwb//IxU4yAkNrVg6OCxHRYMUXgUEevVp+XWseQfdjfb
lCC0CJr/x8u7yePdMlFi3hW+fs76JpOjQ1L1mdVYOeUlcNlKQzhSY5jaAPnHqrHQ
crjV44QQFJEUQ2cQlaHrsjWOI5zCOa58MT1zs45JBsV6YnF/Ilr+d0NzkLJSNvn7
enqY7aifRfoAep1VIQVMarC1AOMQJlvqd+AVElYJ2F4Pw+FZLSZPVPfT78svEZLs
HpKxmUTO5ofp4UHjah9NRc8vBwjp9mgGSwG7DzqfWeILFnv+o+LetREiOiEP9Gr1
RULRQRw+/wdX4l2lpwOAVVuyNFNSp4zKH+iigCoEg1N4wrqgsgDuHRK9G/4iR4gS
bDN6LU3NRdJXAEMtlPEST3/R8ihSNKXfwFe7dA0n13VLhOZdo+/LM6ZTDOs63tkO
/1UaNZohJ3P0rs6xw+GvnOymT6b0kq2qBRVMJpgiFYGgDaMaE0fBZUVgtInrWSe5
OwNqnTkYlHwbwWuO73IJ
=UhdE
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 452-1] smarty3 security update
Next by Date: [SECURITY] [DLA 453-1] extplorer security update
Previous by thread: [SECURITY] [DLA 452-1] smarty3 security update
Next by thread: [SECURITY] [DLA 453-1] extplorer security update
Index(es):
- Date
- Thread