Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2021:1789

Опубликовано: 18 мая 2021
Источник: rocky
Оценка: Moderate

Описание

Moderate: gssdp and gupnp security update

GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible.

GSSDP implements resource discovery and announcement over SSDP and is part of gUPnP.

The following packages have been upgraded to a later upstream version: gssdp (1.0.5), gupnp (1.0.6). (BZ#1846589, BZ#1861928)

Security Fix(es):

  • hostapd: UPnP SUBSCRIBE misbehavior in WPS AP (CVE-2020-12695)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
gssdpx86_641.el8gssdp-1.0.5-1.el8.x86_64.rpm

Показывать по

Связанные CVE

CVE-2020-12695

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2020-12695

CVSS3: 7.5
ubuntu
около 5 лет назад

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

redhat логотип

CVE-2020-12695

CVSS3: 7.5
redhat
около 5 лет назад

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

nvd логотип

CVE-2020-12695

CVSS3: 7.5
nvd
около 5 лет назад

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

debian логотип

CVE-2020-12695

CVSS3: 7.5
debian
около 5 лет назад

The Open Connectivity Foundation UPnP specification before 2020-04-17 ...

github логотип

GHSA-wp9w-2vp9-wg66

CVSS3: 7.5
github
около 3 лет назад

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.