Описание
Security update for gupnp
This update for gupnp fixes the following issues:
- CVE-2021-33516: Fixed a DNS rebinding, which could trick the browser into triggering actions against local UPnP services (bsc#1186590).
Список пакетов
SUSE Linux Enterprise Software Development Kit 12 SP5
libgupnp-1_0-4-0.20.18-8.3.1
libgupnp-devel-0.20.18-8.3.1
typelib-1_0-GUPnP-1_0-0.20.18-8.3.1
SUSE Linux Enterprise Workstation Extension 12 SP5
libgupnp-1_0-4-0.20.18-8.3.1
Ссылки
- Link for SUSE-SU-2021:2080-1
- E-Mail link for SUSE-SU-2021:2080-1
- SUSE Security Ratings
- SUSE Bug 1186590
- SUSE CVE CVE-2021-33516 page
Описание
An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 12 SP5:libgupnp-1_0-4-0.20.18-8.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5:libgupnp-devel-0.20.18-8.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5:typelib-1_0-GUPnP-1_0-0.20.18-8.3.1
SUSE Linux Enterprise Workstation Extension 12 SP5:libgupnp-1_0-4-0.20.18-8.3.1
Ссылки
- CVE-2021-33516
- SUSE Bug 1186590