Updated MythTV packages to harden against SSDP reflection attacks
Publication date: 29 Oct 2014Modification date: 29 Oct 2014
Type: security
Affected Mageia releases : 3 , 4
Description
Updated MythTV packages to harden against SSDP reflection attacks MythTV's UPNP component was suseptable to SSDP reflection attacks and has been hardened to disallow SSDP device discovery from non-local addresses as mitigation. Additionally, a popular schedules retrieval service, Schedules Direct, will deprecate the old URL used by MythTV to retrieve metadata on 1st November 2015. This build of MythTV also updates the URL for this this service for continued operation going forward.
References
- https://bugs.mageia.org/show_bug.cgi?id=14347
- https://www.prolexic.com/knowledge-center-ddos-threat-advisory-ssdp-reflection-ddos-attacks.html
- https://www.prolexic.com/kcresources/prolexic-threat-advisories/prolexic-threat-advisory-ssdp-reflection-ddos-attacks/ssdp-reflection-attacks-cybersecurity-locked.html
SRPMS
3/core
- mythtv-0.27.4-20141022.1.mga3
- mythtv-mythweb-0.27.4-1.mga3
3/tainted
- mythtv-0.27.4-20141022.1.mga3.tainted
4/tainted
- mythtv-0.27.4-20141022.1.mga4.tainted
4/core
- mythtv-0.27.4-20141022.1.mga4
- mythtv-mythweb-0.27.4-1.mga4