openSUSE-SU-2014:0815-1: moderate: miniupnpc: Update to 1.9 to fix buffer overflow

18 Jun 2014

      openSUSE Security Update: miniupnpc: Update to 1.9 to fix buffer overflow
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2014:0815-1
Rating:             moderate
References:         #881990 
Cross-References:   CVE-2014-3985
Affected Products:
                    openSUSE 13.1
                    openSUSE 12.3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   miniupnpc was updated to 1.9 to fix a potential buffer overrun in
   miniwget.c (CVE-2014-3985).

   Besides that the following issues were fixed:
   * added argument remoteHost to UPNP_GetSpecificPortMappingEntry()
   * increment API_VERSION to 10
   * --help and -h arguments in upnpc.c
   * define MAXHOSTNAMELEN if not already done
   * update upnpreplyparse to allow larger values (128 chars instead of 64)
   * Update upnpreplyparse to take into account "empty" elements
   * validate upnpreplyparse.c code with "make check"
   * Fix Solaris build thanks to Maciej Małecki
   * Fix testminiwget.sh for BSD
   * Fixed Makefile for *BSD
   * Update Makefile to use JNAerator version 0.11
   * Fix testminiwget.sh for use with dash
   * Use $(DESTDIR) in Makefile

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 13.1:

      zypper in -t patch openSUSE-2014-431

   - openSUSE 12.3:

      zypper in -t patch openSUSE-2014-431

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 13.1 (i586 x86_64):

      libminiupnpc-devel-1.9-2.4.1
      libminiupnpc10-1.9-2.4.1
      libminiupnpc10-debuginfo-1.9-2.4.1
      miniupnpc-1.9-2.4.1
      miniupnpc-debuginfo-1.9-2.4.1
      python-miniupnpc-1.9-2.4.1
      python-miniupnpc-debuginfo-1.9-2.4.1

   - openSUSE 12.3 (i586 x86_64):

      libminiupnpc-devel-1.9-2.4.1
      libminiupnpc10-1.9-2.4.1
      libminiupnpc10-debuginfo-1.9-2.4.1
      miniupnpc-1.9-2.4.1
      miniupnpc-debuginfo-1.9-2.4.1
      python-miniupnpc-1.9-2.4.1
      python-miniupnpc-debuginfo-1.9-2.4.1

References:

   http://support.novell.com/security/cve/CVE-2014-3985.html
   https://bugzilla.novell.com/881990

openSUSE-SU-2014:0815-1: moderate: miniupnpc: Update to 1.9 to fix buffer overflow

opensuse-security＠opensuse.org