Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4806-1] minidlna security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4806-1] minidlna security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4806-1] minidlna security update
  • Date: Mon, 7 Dec 2020 21:38:44 +0000
  • List-archive: https://lists.debian.org/msgid-search/20201207213844.GB9294 AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From: Date:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=qYeU0rArrRQOYakEqMDvHDpGzWZ+E0WKXip4BJk1bw4=; b=r/ WiIlqXBSlK+q3O0Xh3YJ2l60AOX+OFBBbRGLraqitTfj6DWOrSKnrs/Qhj99gX9/u5CN/IqBaYC9y emyddoJ3vHmSdMFN5dn0Ekp1uNvOYsNV7AvydXVipU31sXcgTKF36RWgUF6qos3C+hEpI+j0LRM5e siTQL7j+opj4A1JwwlfO2v2VGNoiXQId8rCQUa+gP8s1DYBm9mKPATGKMWua1wp7TzMJP0VMQKFy7 VtNZX8qwk0VsSBFlCpID67zwY0Xme3lGqJAUWTijCBio4fkA0CFWQ1EP2Rp7bEleclwFqaMK1yrlX VTiUndp2aJkKseOXiUMe1i4lxZpXj+cQ==;
  • Old-return-path: <jmm AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Mon, 7 Dec 2020 21:39:06 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <lZqdFWYoahF.A.UuF.6DqzfB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4806-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
December 07, 2020 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : minidlna
CVE ID : CVE-2020-12695 CVE-2020-28926
Debian Bug : 976594 976595

It was discovered that missing input validation in minidlna, a
lightweight DLNA/UPnP-AV server could result in the execution of
arbitrary code. In addition minidlna was susceptible to the
"CallStranger" UPnP vulnerability.

For the stable distribution (buster), these problems have been fixed in
version 1.2.1+dfsg-2+deb10u1.

We recommend that you upgrade your minidlna packages.

For the detailed security status of minidlna please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/minidlna

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl/OoCMACgkQEMKTtsN8
TjZ5YQ//YGsiR+FuV2o0gO7334yrekgj3oDhkhfkL0TIkaMRSacnZMLcnK/5Pp7D
ft4/MopnhoXucoVfiEXyixQn+LmwXQF5IAv6AGQp0ZK5UqNxMVGtvltjSf46Qamk
mag8ZzaskPYnLtSARRYZ9U5zV8B94CvEnQ/azqhjQLbkvQNwv+Wjg63CiFMG1HKz
Kmnx5bsmucmVSj7uRFaiQ0p1VA+iCJguQX7dsJ6StIkx2yjAalvvTW8hljEG7AL7
Y/i+7FWkFjrLtiLms88OOVevlWIqywCd7t3DVxAlCY2ANpaauUCcF8MG1j+03unu
QLowyXLAPaaEfNBpkEpsLEns3Ez6WjzuVUJIMD+vSYpNneo5q2gkwXhz0s5cABg8
WMfDamIfwufwRR0MCYAfChyk5ftF2MydcYYWnLEWD9MFL81igQFqFFs96k/dcCft
nJNypruzPnvsDOjijNMGU5RWpYBI9ebFL9meC7XtHeLwvM4UUbfOiS1/zZUVuDPI
WHbqDbuO+1CjnWpTFSSo6RSlq/qYMgPqEn6g/GEOaxOCpPimhx/qYbj1sWsEnnNM
bekwhDVuxRt4eL9iGMI3pQJYOsP441bYGFjiYNBLdPOlY0lzhyNsLJW1Jskf9cpF
cimkWMtrj2niUUR0tit8tBn+hokuWdiP3Jelb8DmxynkGRCYsZg=
=P2Sb
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 4806-1] minidlna security update, Moritz Muehlenhoff, 07.12.2020

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang