SUSE: OPENSUSE-SU-2020:2194-1
Dec 07, 2020 - 12:00 a.m.

Security update for minidlna (moderate)

2020-12-07 00:00:00
lists.opensuse.org

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.8 High

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: COMPLETE

AV:N/AC:M/Au:N/C:P/I:N/A:C

An update that fixes two vulnerabilities is now available.

Description:

This update for minidlna fixes the following issues:

minidlna was updated to version 1.3.0 (boo#1179447)

 - Fixed some build warnings when building with musl.
 - Use $USER instead of $LOGNAME for the default friendly name.
 - Fixed build with GCC 10
 - Fixed some warnings from newer compilers
 - Disallow negative HTTP chunk lengths. [CVE-2020-28926]
 - Validate SUBSCRIBE callback URL. [CVE-2020-12695]
 - Fixed spurious warnings with ogg coverart
 - Fixed an issue with VLC where browse results would be truncated.
 - Fixed bookmarks on Samsung Q series
 - Added DSD file support.
 - Fixed potential stack smash vulnerability in getsyshwaddr on macOS.
 - Will now reload the log file on SIGHUP.
 - Worked around bad SearchCriteria from the Control4 Android app.
 - Increased max supported network addresses to 8.
 - Added forced alphasort capability.
 - Added episode season and number metadata support.
 - Enabled subtitles by default for unknown DLNA clients, and add
   enable_subtitles config option.
 - Fixed discovery when connected to certain WiFi routers.
 - Added FreeBSD kqueue support.
 - Added the ability to set the group to run as.
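
The "Disallow negative HTTP chunk lengths" item above concerns a classic parsing hazard: a signed conversion such as strtol() accepts a leading '-', so a chunk-size line can yield a negative length that passes signed bounds checks and then becomes a huge size in a copy. The following is an added example, not minidlna's code; the function names and sample inputs are constructed for illustration. It shows a chunked-body decoder that accepts hex digits only and bounds every chunk against both the remaining input and the output buffer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hex digits only: a leading '-' or '+', which strtol() would accept, is an error. */
static int parse_chunk_len(const char *p, const char *end, size_t *len, const char **next)
{
    const char *s = p;
    size_t v = 0;
    for (; p < end; p++) {
        int d;
        if (*p >= '0' && *p <= '9') d = *p - '0';
        else if (*p >= 'a' && *p <= 'f') d = *p - 'a' + 10;
        else if (*p >= 'A' && *p <= 'F') d = *p - 'A' + 10;
        else break;
        if (v > (((size_t)-1) >> 4)) return -1;        /* shift would overflow */
        v = (v << 4) | (size_t)d;
    }
    if (p == s) return -1;                             /* no digits: "-1", "+4", "" */
    if (end - p < 2 || p[0] != '\r' || p[1] != '\n') return -1;
    *len = v; *next = p + 2;
    return 0;
}

/* Returns bytes written to out, or -1 if malformed (chunk extensions count as malformed). */
long decode_chunked(const char *in, size_t in_len, char *out, size_t out_cap)
{
    const char *p = in, *end = in + in_len;
    size_t written = 0, len;
    for (;;) {
        if (parse_chunk_len(p, end, &len, &p) != 0) return -1;
        if (len == 0) return (long)written;            /* last-chunk terminates the body */
        if (len > (size_t)(end - p) || len > out_cap - written) return -1;
        memcpy(out + written, p, len);
        written += len;
        p += len;
        if (end - p < 2 || p[0] != '\r' || p[1] != '\n') return -1;
        p += 2;
    }
}

int main(void)
{
    const char ok[] = "4\r\nWiki\r\n5\r\npedia\r\n0\r\n\r\n";   /* constructed, well-formed */
    const char neg[] = "-1\r\nAAAA\r\n0\r\n\r\n";               /* constructed, negative length */
    char out[16];
    printf("%ld %ld\n", decode_chunked(ok, sizeof ok - 1, out, sizeof out),
           decode_chunked(neg, sizeof neg - 1, out, sizeof out));
    return 0;
}
```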

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.1:

    zypper in -t patch openSUSE-2020-2194=1

OS             Version  Architecture  Package  Version  Filename
openSUSE Leap  15.1     x86_64        < - openSUSE Leap 15.1 (x86_64):- openSUSE Leap 15.1 (x86_64):.x86_64.rpm
