Lucene search

K
debianDebianDEBIAN:DSA-4806-1:B822C
HistoryDec 07, 2020 - 9:39 p.m.

[SECURITY] [DSA 4806-1] minidlna security update

2020-12-0721:39:06
lists.debian.org
43

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:P/I:N/A:C

0.071 Low

EPSS

Percentile

94.0%


Debian Security Advisory DSA-4806-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
December 07, 2020 https://www.debian.org/security/faq


Package : minidlna
CVE ID : CVE-2020-12695 CVE-2020-28926
Debian Bug : 976594 976595

It was discovered that missing input validation in minidlna, a
lightweight DLNA/UPnP-AV server could result in the execution of
arbitrary code. In addition minidlna was susceptible to the
"CallStranger" UPnP vulnerability.

For the stable distribution (buster), these problems have been fixed in
version 1.2.1+dfsg-2+deb10u1.

We recommend that you upgrade your minidlna packages.

For the detailed security status of minidlna please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/minidlna

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian10allminidlna<Β 1.2.1+dfsg-2+deb10u1minidlna_1.2.1+dfsg-2+deb10u1_all.deb

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:P/I:N/A:C

0.071 Low

EPSS

Percentile

94.0%