Advisories ยป MGASA-2018-0250

Updated miniupnpc packages fix security vulnerability

Publication date: 19 May 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-1000494

Description

It was discovered that miniupnpc contained a heap buffer overflow in
parseelt (minixml.c - no CVE assigned).

It was discovered that miniupnpc also contained a memory corruption
(invalid read, SIGSEGV) in NameValueParserEndElt (upnpreplyparse.c)
while handling two consecutive malformed SOAP requests
(CVE-2017-1000494).
                

References

SRPMS

6/core