[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2973-1] minidlna security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2973-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
April 10, 2022                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : minidlna
Version        : 1.1.6+dfsg-1+deb9u2
CVE ID         : CVE-2022-26505


An issue has been found in minidlna, a lightweight DLNA/UPnP-AV server targeted at embedded systems. HTTP requests needed more checks to protect against DNS rebinding, thus forbid a remote web server to exfiltrate media files.


For Debian 9 stretch, this problem has been fixed in version
1.1.6+dfsg-1+deb9u2.

We recommend that you upgrade your minidlna packages.

For the detailed security status of minidlna please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/minidlna

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmJSCYpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdoVg/+LypviYUbVmDH/81bzscltxNbgVoTRkuqByaGbuMhjqAKPTPiCB8+Iep6
+WxTYEHvayue+eRgCkn8LhPMNfLVS8sX+d558j+LbEAHgEWzYVkKSiDbVIbdqSn9
tejUy0Ewi0i77mvtsg/AlWphz78JSB4cAdShBR5asKxeyMxUgKNxnhdM+9fSwN2R
32VOcoIXrgQLcPOPzZxYRGWcwj7SK0CuIsUXu0oeIMdkpBXDQOI2pau6qlS8SL2X
6mllt+Cun/ALVj1R1OuO2C3YQ0Njp//MH2ffTqE2gu7zylybMwUkUvYL8TnpAzqh
TJrEApqSrEPwJuH7pE7Be+uWtAFgr1WPcBdXulxpucryfW2Cr6pR0+C79foenDlz
nJSg/qxpVDipdbI3anTp/xvGdHNYTkuI3Nw6b+d8MnW18cbcmoH0A58UMlINhh7z
UDk45lP7f09NCG+lyT6eKFFt2nsgPjp6sq3YnIKJdwmol2DquvWzEJaWiUhhTeEh
XDtxz9K7AymnFOMusjEDwIHsnmzFo/jI8lBOUh8+ay6vDtZe+iqrSjkPyTdp0Kzq
vzp0rkVtIlrPYhzY7lNp8emfaf4+7wTWRdhVXUmxrQ9xo/klHwNgcGv6EfBXp1Bc
NhR+60r5G3YkUONwXXgXpu9DRpJB67UXRK7pHAqAl4n5BM1bS08=
=7Q88
-----END PGP SIGNATURE-----


Reply to: