{ "schema_version": "1.7.0", "id": "MGASA-2014-0435", "published": "2014-10-29T11:30:40Z", "modified": "2014-10-29T09:41:47Z", "summary": "Updated MythTV packages to harden against SSDP reflection attacks", "details": "Updated MythTV packages to harden against SSDP reflection attacks\n\nMythTV's UPNP component was suseptable to SSDP reflection attacks\nand has been hardened to disallow SSDP device discovery from non-local\naddresses as mitigation.\n\nAdditionally, a popular schedules retrieval service, Schedules Direct,\nwill deprecate the old URL used by MythTV to retrieve metadata on 1st\nNovember 2015. This build of MythTV also updates the URL for this this\nservice for continued operation going forward.\n", "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2014-0435.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=14347" }, { "type": "WEB", "url": "https://www.prolexic.com/knowledge-center-ddos-threat-advisory-ssdp-reflection-ddos-attacks.html" }, { "type": "WEB", "url": "https://www.prolexic.com/kcresources/prolexic-threat-advisories/prolexic-threat-advisory-ssdp-reflection-ddos-attacks/ssdp-reflection-attacks-cybersecurity-locked.html" } ], "affected": [ { "package": { "ecosystem": "Mageia:3", "name": "mythtv", "purl": "pkg:rpm/mageia/mythtv?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "0.27.4-20141022.1.mga3" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:3", "name": "mythtv-mythweb", "purl": "pkg:rpm/mageia/mythtv-mythweb?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "0.27.4-1.mga3" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:3", "name": "mythtv", "purl": "pkg:rpm/mageia/mythtv?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "0.27.4-20141022.1.mga3.tainted" } ] } ], "ecosystem_specific": { "section": "tainted" } }, { "package": { "ecosystem": "Mageia:4", "name": "mythtv", "purl": "pkg:rpm/mageia/mythtv?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "0.27.4-20141022.1.mga4" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:4", "name": "mythtv-mythweb", "purl": "pkg:rpm/mageia/mythtv-mythweb?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "0.27.4-1.mga4" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:4", "name": "mythtv", "purl": "pkg:rpm/mageia/mythtv?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "0.27.4-20141022.1.mga4.tainted" } ] } ], "ecosystem_specific": { "section": "tainted" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }