===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.1988
                          libupnp security update
                                9 June 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libupnp
Publisher:         Debian
Operating System:  Linux variants
                   Debian GNU/Linux 8
Impact/Access:     Denial of Service -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-13848

Original Bulletin:
   https://www.debian.org/lts/security/2020/dla-2238

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running libupnp check for an updated version of the software for
         their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

Package        : libupnp
Version        : 1.6.19+git20141001-1+deb8u2
CVE ID         : CVE-2020-13848
Debian Bug     : 962282

libupnp, the portable SDK for UPnP Devices allows remote attackers to
cause a denial of service (crash) via a crafted SSDP message due to a
NULL pointer dereference in the functions FindServiceControlURLPath
and FindServiceEventURLPath in genlib/service_table/service_table.c.
This crash can be triggered by sending a malformed SUBSCRIBE or
UNSUBSCRIBE using any of the attached files.

For Debian 8 "Jessie", this problem has been fixed in version
1.6.19+git20141001-1+deb8u2.

We recommend that you upgrade your libupnp packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================