Login
Newsletter
Werbung

Sicherheit: Mangelnde Rechteprüfung in GUPnP
Aktuelle Meldungen Distributionen
Name: Mangelnde Rechteprüfung in GUPnP
ID: USN-4970-1
Distribution: Ubuntu
Plattformen: Ubuntu 20.04 LTS, Ubuntu 20.10, Ubuntu 21.04
Datum: Di, 1. Juni 2021, 22:26
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33516
Applikationen: GUPnP

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============8760778945775635001==
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="aOGxY6DeETNrVIPFTxll2oVfKR2Or2Sb3"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--aOGxY6DeETNrVIPFTxll2oVfKR2Or2Sb3
Content-Type: multipart/mixed;
boundary="zdFthhlLy8BXwGgyAy8y09DpBYSmm4GqU";
protected-headers="v1"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: "ubuntu-security-announce@lists.ubuntu.com"
<ubuntu-security-announce@lists.ubuntu.com>
Message-ID: <c5b14ce4-a872-a8d6-bbde-06e77e0df65d@canonical.com>
Subject: [USN-4970-1] GUPnP vulnerability

--zdFthhlLy8BXwGgyAy8y09DpBYSmm4GqU
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-4970-1
June 01, 2021

gupnp vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.04
- Ubuntu 20.10
- Ubuntu 20.04 LTS

Summary:

GUPnP could allow unintended access to network services.

Software Description:
- gupnp: framework for creating UPnP devices and control points

Details:

It was discovered that GUPnP incorrectly filtered local requests. If a user
were tricked into visiting a malicious website, a remote attacker could
possibly use this issue to perform actions against local UPnP services such
as obtaining or altering sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.04:
libgupnp-1.2-0 1.2.4-1ubuntu0.21.04.1

Ubuntu 20.10:
libgupnp-1.2-0 1.2.4-1ubuntu0.20.10.1

Ubuntu 20.04 LTS:
libgupnp-1.2-0 1.2.3-0ubuntu0.20.04.2

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
https://ubuntu.com/security/notices/USN-4970-1
CVE-2021-33516

Package Information:
https://launchpad.net/ubuntu/+source/gupnp/1.2.4-1ubuntu0.21.04.1
https://launchpad.net/ubuntu/+source/gupnp/1.2.4-1ubuntu0.20.10.1
https://launchpad.net/ubuntu/+source/gupnp/1.2.3-0ubuntu0.20.04.2


--zdFthhlLy8BXwGgyAy8y09DpBYSmm4GqU--

--aOGxY6DeETNrVIPFTxll2oVfKR2Or2Sb3
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmC2Mj8ACgkQZWnYVadE
vpOGOw//Sc3VodNGsPVYq8iCUddmwXK96twYmi6i8zMR1FBtjwr96XGMcsy9XSxN
mf4DBcfR7ZImeQ9zut2Y3XsQ6gvDTdMiekhxlv6eWjJHHr/IHnw7oQ1Ptm1gsIgC
RvOeTY7cI4053j7Ua8l7Z0Yx7cXz1c00SFWZs+wvBE4zOHx86uTWS2sIF4/KE19v
YroXNnoUlGwLG2khexfVWRVToTbQZrU3Bls90LY558X/Wov00trFZg4R+DtaopLW
tapChP95hsZ0X+AJYssbrv6bo1O0ic5uoonx2mYHrniDNesb2+jM9Vgl3gqc0VQ0
Jy2oQgt/neXCnbQ4FRb25ST3gRwEDhlrU2PBECLBqBN9UaopiFpnCt4FfFG27cAe
PDYo8e+gmhceMTVsZdJhv9nuXQJ0Qvw5JmVcF1UVSWHCBgW/rS39Ypmibt8+ru+v
MCsHSOKHlAEPjFiOqAgwIwQbwVbCiIxoC/YRRwR6xqeWqDw4DwdX9ZnqMauJWI8X
TRBesdAF6k/mq0Bd2Wb8io+pZzybW304YE2QTpeUpy7x8qVYSpBcCxaGMEIaLF2j
4Z5lnu6Gl2EnVBMQXPsLpBHjYGRI6uVptFbPjA4XS63ERlBtlWpKe2QRB+gab6Vm
NxOp2l82QhVveKk7JAuc/JzVaD8fnrkiRny+9MtVkeJxY36rXn0=
=lcG+
-----END PGP SIGNATURE-----

--aOGxY6DeETNrVIPFTxll2oVfKR2Or2Sb3--


--===============8760778945775635001==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============8760778945775635001==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung