You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa miniupnpc

Sigurnosni nedostatak programskog paketa miniupnpc

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3562-1
February 07, 2018

miniupnpc vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.10
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

MiniUPnP could be made to crash or run programs if it received specially
crafted network traffic.

Software Description:
– miniupnpc: UPnP IGD client lightweight library

Details:

It was discovered that MiniUPnP incorrectly handled memory. A remote
attacker could use this issue to cause a denial of service or possibly
execute arbitrary code with privileges of the user running an application
that uses the MiniUPnP library.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
libminiupnpc10 1.9.20140610-4ubuntu1.1

Ubuntu 16.04 LTS:
libminiupnpc10 1.9.20140610-2ubuntu2.16.04.2

Ubuntu 14.04 LTS:
libminiupnpc8 1.6-3ubuntu2.14.04.4

In general, a standard system update will make all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3562-1
CVE-2017-1000494

Package Information:
https://launchpad.net/ubuntu/+source/miniupnpc/1.9.20140610-4ubuntu1.1
https://launchpad.net/ubuntu/+source/miniupnpc/1.9.20140610-2ubuntu2.16.04.2
https://launchpad.net/ubuntu/+source/miniupnpc/1.6-3ubuntu2.14.04.4

—–BEGIN PGP SIGNATURE—–

iQIcBAEBCgAGBQJae1tMAAoJEGVp2FWnRL6TAj0QALJ3LAaLPEOrExldQsJ78w6Y
tbFN/De7E7O81aSVXO53Cy2Sxtovwz8EWVv54uRe3oi+R4OFtQfR4CIaBlFYYZnb
FZl0/PrNvAnYDWUI6BFtTRgKC21zUH6YwAEpD9lEk+db4gXyfdfNTWR9YVzVwNRU
zkuDbo2Mqa3N38MQw834xP05wPoihyU/2zofqVXTX5qu4xauZPEvziwUSOKfL5hw
/TbdsJRrSBUl6mUCNew+WvW3mS80C2AWv6AmdqMp2gQxWE1dnl2f+XPRjNYeLY9g
C+5Hc0a7KjeU2bUZQcwdNBAxAmLTjPH09UOq2PAonkdhIj+/KcKceD24vn/MDY93
xJy0SId/zCjSo01j/O4FxW+ukwlOlTGDH6K2whq4ZCMHFDCrmfNkSZbyrx0UKk5z
Jbhp0ihpfY+bbqzZ2Te89+xi9bpnj9Qg1+PFBu0M1gSYyOjoAt8aFxWAjsrplbSb
bzS5DyyBwc32xUPP8q22J/X0PSEAXJP6kmzpPpC7AIPghWKI0bwU0a0Hlx9fAWRr
us+CNNy4xXiusjCGgvAsgKrXMObSrlcTYiA7i4seVRcxcUIWTgvg2AbUITcG2fiB
6oXtTmxdPnjxLsGUfkQf0YvMFNB4i12C5ICnl98aufFArfQYT8JBI9UKVblbzuaF
W0qo+9CaAyl9DmEjmNcV
=NdZm
—–END PGP SIGNATURE—–

AutorDanijel Kozinovic
Cert idNCERT-REF-2018-02-0063-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Sigurnosni nedostaci programske biblioteke libtasn1

Otkriveni su sigurnosni nedostaci u programskoj biblioteci libtasn1 za operacijski sustav Debian. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja....

Close