Updated miniupnpc packages fix security vulnerability

2018-05-1923:56:45

Gentoo Foundation

advisories.mageia.org

0.001 Low

EPSS

Percentile

43.5%

JSON

It was discovered that miniupnpc contained a heap buffer overflow in parseelt (minixml.c - no CVE assigned). It was discovered that miniupnpc also contained a memory corruption (invalid read, SIGSEGV) in NameValueParserEndElt (upnpreplyparse.c) while handling two consecutive malformed SOAP requests (CVE-2017-1000494).

OSVersionArchitecturePackageVersionFilename
Mageia6noarchminiupnpc< 2.0.20170509-1.1miniupnpc-2.0.20170509-1.1.mga6

OS	Version	Architecture	Package	Version	Filename
Mageia	6	noarch	miniupnpc	< 2.0.20170509-1.1	miniupnpc-2.0.20170509-1.1.mga6

References

bugs.mageia.org/show_bug.cgi?id=22560

github.com/miniupnp/miniupnp/issues/268

people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000494.html

0.001 Low

EPSS

Percentile

43.5%

JSON

Related for MGASA-2018-0250