Security Information / 2020 / Security Information -- DSA-4806-1 minidlna

Debian Security Advisory

DSA-4806-1 minidlna -- security update

Date Reported:

07 Dec 2020

Affected Packages:

minidlna

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 976594, Bug 976595.
In Mitre's CVE dictionary: CVE-2020-12695, CVE-2020-28926.

More information:

It was discovered that missing input validation in minidlna, a lightweight DLNA/UPnP-AV server could result in the execution of arbitrary code. In addition minidlna was susceptible to the CallStranger UPnP vulnerability.

For the stable distribution (buster), these problems have been fixed in version 1.2.1+dfsg-2+deb10u1.

We recommend that you upgrade your minidlna packages.

For the detailed security status of minidlna please refer to its security tracker page at: https://security-tracker.debian.org/tracker/minidlna