Advisories » MGASA-2020-0270

Updated libupnp packages fix security vulnerability

Publication date: 04 Jul 2020
Modification date: 04 Jul 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-13848

Description

The updated packages fix a security vulnerability:

Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote
attackers to cause a denial of service (crash) via a crafted SSDP
message due to a NULL pointer dereference in the functions
FindServiceControlURLPath and FindServiceEventURLPath in
genlib/service_table/service_table.c. (CVE-2020-13848)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=26752
• https://www.debian.org/lts/security/2020/dla-2238
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13848

SRPMS

7/core

• libupnp-1.8.4-3.1.mga7