Mailinglist Archive: opensuse-updates (53 mails)

< Previous Next >
openSUSE-SU-2014:0815-1: moderate: miniupnpc: Update to 1.9 to fix buffer overflow
openSUSE Security Update: miniupnpc: Update to 1.9 to fix buffer overflow
______________________________________________________________________________

Announcement ID: openSUSE-SU-2014:0815-1
Rating: moderate
References: #881990
Cross-References: CVE-2014-3985
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

miniupnpc was updated to 1.9 to fix a potential buffer overrun in
miniwget.c (CVE-2014-3985).

Besides that the following issues were fixed:
* added argument remoteHost to UPNP_GetSpecificPortMappingEntry()
* increment API_VERSION to 10
* --help and -h arguments in upnpc.c
* define MAXHOSTNAMELEN if not already done
* update upnpreplyparse to allow larger values (128 chars instead of 64)
* Update upnpreplyparse to take into account "empty" elements
* validate upnpreplyparse.c code with "make check"
* Fix Solaris build thanks to Maciej Małecki
* Fix testminiwget.sh for BSD
* Fixed Makefile for *BSD
* Update Makefile to use JNAerator version 0.11
* Fix testminiwget.sh for use with dash
* Use $(DESTDIR) in Makefile


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch openSUSE-2014-431

- openSUSE 12.3:

zypper in -t patch openSUSE-2014-431

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.1 (i586 x86_64):

libminiupnpc-devel-1.9-2.4.1
libminiupnpc10-1.9-2.4.1
libminiupnpc10-debuginfo-1.9-2.4.1
miniupnpc-1.9-2.4.1
miniupnpc-debuginfo-1.9-2.4.1
python-miniupnpc-1.9-2.4.1
python-miniupnpc-debuginfo-1.9-2.4.1

- openSUSE 12.3 (i586 x86_64):

libminiupnpc-devel-1.9-2.4.1
libminiupnpc10-1.9-2.4.1
libminiupnpc10-debuginfo-1.9-2.4.1
miniupnpc-1.9-2.4.1
miniupnpc-debuginfo-1.9-2.4.1
python-miniupnpc-1.9-2.4.1
python-miniupnpc-debuginfo-1.9-2.4.1


References:

http://support.novell.com/security/cve/CVE-2014-3985.html
https://bugzilla.novell.com/881990


< Previous Next >
This Thread
  • No further messages