
Updated minidlna packages fix security vulnerabilities

Description

It was discovered that minidlna does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue (CVE-2020-12695).

Minidlna before version 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove (CVE-2020-28926).
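To illustrate the class of signedness bug described for CVE-2020-28926, here is a defensive chunked-body decoder in C that keeps the chunk size unsigned and bounds it against both buffers before calling memcpy. This is an added example, not minidlna's code and not part of the advisory; the function name `dechunk`, its parameters and the sample input are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not minidlna's parser: decode a chunked body from
 * in[0..in_len) into out[0..out_cap). Returns 0 and sets *out_len on success,
 * -1 on a malformed or oversized chunk. Chunk extensions are rejected. */
int dechunk(const char *in, size_t in_len, char *out, size_t out_cap, size_t *out_len)
{
    size_t pos = 0, written = 0;
    for (;;) {
        /* Size line: hex digits only, so "-1" fails here rather than being
         * accepted as a signed value the way strtol()/atoi() would. */
        char hex[9]; /* at most 8 hex digits */
        size_t n = 0;
        while (pos < in_len && isxdigit((unsigned char)in[pos])) {
            if (n == sizeof(hex) - 1)
                return -1;
            hex[n++] = in[pos++];
        }
        if (n == 0 || in_len - pos < 2 || memcmp(in + pos, "\r\n", 2) != 0)
            return -1;
        hex[n] = '\0';
        pos += 2;
        /* The size stays unsigned end to end; it is never stored in an int. */
        size_t chunk = (size_t)strtoul(hex, NULL, 16);
        if (chunk == 0) {
            *out_len = written;
            return 0;
        }
        /* Check both buffers before copying; subtraction cannot wrap like pos + chunk. */
        if (chunk > in_len - pos || chunk > out_cap - written)
            return -1;
        memcpy(out + written, in + pos, chunk);
        written += chunk;
        pos += chunk;
        if (in_len - pos < 2 || memcmp(in + pos, "\r\n", 2) != 0)
            return -1;
        pos += 2;
    }
}

int main(void)
{
    const char bad[] = "-1\r\nAAAA\r\n0\r\n\r\n"; /* constructed sample */
    char out[16];
    size_t len = 0;
    return dechunk(bad, sizeof(bad) - 1, out, sizeof(out), &len) == -1 ? 0 : 1;
}
```

The decoder stops at the zero-length chunk and does not parse trailers.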


Affected Package


| OS | OS Version | Package Name | Package Version |
|---|---|---|---|
| Mageia | 7 | minidlna | 1.2.1-3.1 |
