You are here
Home > Preporuke > Ranjivost programskog paketa miniupnpc

Ranjivost programskog paketa miniupnpc

by ncert - 0
  • Detalji os-a: LUB
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-2280-1
July 16, 2014

miniupnpc vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS
– Ubuntu 13.10
– Ubuntu 12.04 LTS

Summary:

MiniUPnPc could be made to crash if it received specially crafted network
traffic.

Software Description:
– miniupnpc: UPnP IGD client lightweight library client

Details:

It was discovered that MiniUPnPc incorrectly handled certain buffer
lengths. A remote attacker could possibly use this issue to cause
applications using MiniUPnPc to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
libminiupnpc8 1.6-3ubuntu2.14.04.1

Ubuntu 13.10:
libminiupnpc8 1.6-3ubuntu2.13.10.1

Ubuntu 12.04 LTS:
libminiupnpc8 1.6-3ubuntu1.1

After a standard system update you need to restart your session to make all
the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2280-1
CVE-2014-3985

Package Information:
https://launchpad.net/ubuntu/+source/miniupnpc/1.6-3ubuntu2.14.04.1
https://launchpad.net/ubuntu/+source/miniupnpc/1.6-3ubuntu2.13.10.1
https://launchpad.net/ubuntu/+source/miniupnpc/1.6-3ubuntu1.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iQIcBAEBCgAGBQJTxoeYAAoJEGVp2FWnRL6TVikP/RsbRYfgnklusmm7/UO6+BvO
wGpuz3oNl+It7pIdq/69wJGXsDm0rRzadAB0Mg1v/nmbde8WBkMd+OajXqSKS6A+
lU8ewxq0/cJge6T83YQ4hQr+aote2r5cPBPMYu8TDu+lIs2dUR4tLnsKrXllFrKN
Fxd3vUG2NALQ0pYhz00lEnnVvslZ6m7i2BM5bDPCipwwdfg24kBo3Ya8NmO/fROS
Wkh2UBDZmVuomnBcQKse81pgMhFCiGZO7sAbxFkVwioRGlJSgFM0lDVWC4GHdP7Q
jzeRC0PfMQlVDM9N5+M3vdGLAtvrLmp4Ndz2Ipyaz/DOln1vqQREBlNHlnYmQFyF
UMbr6cItKWbQK0qcHBsXI+pUpm6RH0S5LTpI17z1iYOMrTk9aE0sY7gxBNVBL2RJ
3sc6tbPnj/sHVe76NDx+SzZSWacXdNrEStGzrhgt/PQED9zSd00apKOyzVzzbNyD
AoWc5M5F8HXw86Eo6pZvuPJswEBFEyhnA7qwCpeXW5/Asz33xEt+GVZMgr4QhW6q
RD2iK4n8zdWOfyGHzTkTxVK6tK6eBcCMnMwuyHIKZgMqKgSLKSp6aui9F6zh5WDR
yiGq9Wwkk3Qm/hRhNmMd+EFu04tkRo4zapZ29sQwWklHe7S3mH91UXpdcDz/ox9f
SQlgFdhgKJNNzZZD387a
=Jp/4
—–END PGP SIGNATURE—–

AutorTomislav Protega
Cert idNCERT-REF-2014-07-0010-ADV
CveCVE-2014-3985
ID izvornikaUSN-2280-1
Proizvodminiupnpc
Izvorhttp://www.ubuntu.com
ncert
Top
More in Preporuke
Nadogradnja za Drupal

Izdana je nadogradnja za otklanjanje četiri ranjivosti (dvije kritične) u jezgri Drupal CMS-a inačica 6 i 7. Ranjivosti zahvaćaju nekoliko...

Close