[SECURITY] [DLA 2585-1] libupnp security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2585-1] libupnp security update
From: Utkarsh Gupta <utkarsh@debian.org>
Date: Mon, 8 Mar 2021 04:25:20 +0530
Message-id: <[🔎] CAPP0f94eo4uKqwg5AiYknn0GCkyuea9dqNvL_5152X8C21DaEA@mail.gmail.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-2585-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
March 08, 2021                              https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : libupnp
Version        : 1:1.6.19+git20160116-1.2+deb9u1
CVE ID         : CVE-2020-13848
Debian Bug     : 962282

libupnp, the portable SDK for UPnP Devices allows remote attackers to
cause a denial of service (crash) via a crafted SSDP message due to a
NULL pointer dereference in the functions FindServiceControlURLPath
and FindServiceEventURLPath in genlib/service_table/service_table.c.

For Debian 9 stretch, this problem has been fixed in version
1:1.6.19+git20160116-1.2+deb9u1.

We recommend that you upgrade your libupnp packages.

For the detailed security status of libupnp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libupnp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmBFWYwACgkQgj6WdgbD
S5a53A/+JHuGZsgaT5GeQDuQS9vJGEgdy0k9BvnNYCdKt+fSzcGY/c0BLg5+J9iO
BxrB67+3d7/uECpaz6BDCvzFWQLLADWtQB+aBwKtJQlc7vic6zee92YK5gxg1lTJ
mnvM25GMOS/OGEaZZYrA7blwkr3Wg8b09b9fYOgw0Amc1B9qTSV1Yujf+gA4o9dx
Kxohw+0DkNXVBSl+oPF4GQHSV69hvYZ30sliZAg3jLJhhobFN+5Cktr6WIPaoKpE
jmJqmR7K7b4fOZBizgFuJLoDKu6QJLHPRp7Svy12BL1l6SjU/uQ875f7hC6wU4Ce
9rdQL7NtdMvyAc697lnA1CunQRcL4mJDKJ3VGHJkWKx//S5MLiR19oeTKVa99kAb
uasMmnCMtIaObxpMTtAUIMyVy6HzIEHNrlOWCuB30gyHDGJZ+KkNSuNmRD79tcT8
hEfoYXd5xX7Z9sYjv13frCdxP+TtDiYu+L+kctx6oHVxfcDsA1ruwrxBjL7cse/0
MxuY1CHr+TZwJv3BE5N4rvealR85LvY9KYGxtB7XHgQ6ky5yrgT8YSt4xTgAyOW1
73SjAt9GGU2ULdvgKH3Bb+EnXGc6RKTuATzZd1HZopaE9CLeEw8kUmvTojYKw3qd
ie/THGIBJ3L7jhalQgqtFdIgVbDyAt8QJetti57TRYORvEuHK08=
=ZLF+
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2584-1] libcaca security update
Next by Date: [SECURITY] [DLA 2553-2] xcftools regression update
Previous by thread: [SECURITY] [DLA 2584-1] libcaca security update
Next by thread: [SECURITY] [DLA 2553-2] xcftools regression update
Index(es):
- Date
- Thread