Advisories » MGASA-2015-0416

Updated miniupnpc package fixes security vulnerability

Publication date: 30 Oct 2015
Modification date: 30 Oct 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-6031

Description

An exploitable buffer overflow vulnerability exists in the XML parser
functionality of the MiniUPnP library. A specially crafted XML response
can lead to a buffer overflow on the stack resulting in remote code
execution. An attacker can set up a server on the local network to trigger
this  vulnerability (CVE-2015-6031).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16985
• http://talosintel.com/reports/TALOS-2015-0035/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6031

SRPMS

5/core

• miniupnpc-1.9.20141128-1.1.mga5