Updated miniupnpc packages fix security vulnerability
Publication date: 19 May 2018Modification date: 19 May 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-1000494
Description
It was discovered that miniupnpc contained a heap buffer overflow in parseelt (minixml.c - no CVE assigned). It was discovered that miniupnpc also contained a memory corruption (invalid read, SIGSEGV) in NameValueParserEndElt (upnpreplyparse.c) while handling two consecutive malformed SOAP requests (CVE-2017-1000494).
References
SRPMS
6/core
- miniupnpc-2.0.20170509-1.1.mga6