Bug 43219 – libupnp: Multiple issues (4.1)

Bug 43219 - libupnp: Multiple issues (4.1)


Summary:	libupnp: Multiple issues (4.1)

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Security updates
Version:	UCS 4.1
Hardware:	Other Linux

Importance:	P2 normal (vote)
Target Milestone:	UCS 4.1-4-errata
Assigned To:	Arvid Requate
QA Contact:	Janek Walkenhorst

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2016-12-19 18:01 CET by Arvid Requate
Modified:	2017-04-19 13:29 CEST (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	Security Issue
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:	7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arvid Requate

2016-12-19 18:01:22 CET

Comment 1 Arvid Requate

2016-12-19 18:04:23 CET

Upstream Debian package version 1:1.6.17-1.2+deb7u2 fixes this issue:

* heap-based buffer overflow in libupnp, a portable SDK for UPnP Devices. That can lead to denial of service or remote code execution.

Comment 2 Arvid Requate

2016-12-19 18:09:45 CET

That's CVE-2016-8863.

Advisory: libupnp.yaml

Comment 3 Stefan Gohmann

2016-12-21 06:28:52 CET

r75459:
Remove UCS 4.1-3 from YAML file since UCS 4.1-3 is no longer in maintenance (Bug #43219)

Comment 4 Janek Walkenhorst

2017-04-13 11:51:18 CEST

Tests (amd64): OK
Advisory: OK

Comment 5 Janek Walkenhorst

2017-04-19 13:29:04 CEST

<http://errata.software-univention.de/ucs/4.1/409.html>