Advisories » MGASA-2018-0250

Updated miniupnpc packages fix security vulnerability

Publication date: 19 May 2018
Modification date: 19 May 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-1000494

Description

It was discovered that miniupnpc contained a heap buffer overflow in
parseelt (minixml.c - no CVE assigned).

It was discovered that miniupnpc also contained a memory corruption
(invalid read, SIGSEGV) in NameValueParserEndElt (upnpreplyparse.c)
while handling two consecutive malformed SOAP requests
(CVE-2017-1000494).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22560
• https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000494.html
• https://github.com/miniupnp/miniupnp/issues/268
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000494

SRPMS

6/core

• miniupnpc-2.0.20170509-1.1.mga6