-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ----------------------------------------------------------------------- Debian LTS Advisory DLA-2585-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta March 08, 2021 https://wiki.debian.org/LTS - -----------------------------------------------------------------------
Package : libupnp Version : 1:1.6.19+git20160116-1.2+deb9u1 CVE ID : CVE-2020-13848 Debian Bug : 962282 libupnp, the portable SDK for UPnP Devices allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c. For Debian 9 stretch, this problem has been fixed in version 1:1.6.19+git20160116-1.2+deb9u1. We recommend that you upgrade your libupnp packages. For the detailed security status of libupnp please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libupnp Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmBFWYwACgkQgj6WdgbD S5a53A/+JHuGZsgaT5GeQDuQS9vJGEgdy0k9BvnNYCdKt+fSzcGY/c0BLg5+J9iO BxrB67+3d7/uECpaz6BDCvzFWQLLADWtQB+aBwKtJQlc7vic6zee92YK5gxg1lTJ mnvM25GMOS/OGEaZZYrA7blwkr3Wg8b09b9fYOgw0Amc1B9qTSV1Yujf+gA4o9dx Kxohw+0DkNXVBSl+oPF4GQHSV69hvYZ30sliZAg3jLJhhobFN+5Cktr6WIPaoKpE jmJqmR7K7b4fOZBizgFuJLoDKu6QJLHPRp7Svy12BL1l6SjU/uQ875f7hC6wU4Ce 9rdQL7NtdMvyAc697lnA1CunQRcL4mJDKJ3VGHJkWKx//S5MLiR19oeTKVa99kAb uasMmnCMtIaObxpMTtAUIMyVy6HzIEHNrlOWCuB30gyHDGJZ+KkNSuNmRD79tcT8 hEfoYXd5xX7Z9sYjv13frCdxP+TtDiYu+L+kctx6oHVxfcDsA1ruwrxBjL7cse/0 MxuY1CHr+TZwJv3BE5N4rvealR85LvY9KYGxtB7XHgQ6ky5yrgT8YSt4xTgAyOW1 73SjAt9GGU2ULdvgKH3Bb+EnXGc6RKTuATzZd1HZopaE9CLeEw8kUmvTojYKw3qd ie/THGIBJ3L7jhalQgqtFdIgVbDyAt8QJetti57TRYORvEuHK08= =ZLF+ -----END PGP SIGNATURE-----
