Описание
Security update for gupnp
This update for gupnp fixes the following issues:
- CVE-2021-33516: Fixed a DNS rebinding, which could trick the browser into triggering actions against local UPnP services (bsc#1186590).
Список пакетов
SUSE Linux Enterprise Module for Desktop Applications 15 SP2
libgupnp-1_2-0-1.2.2-3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP3
libgupnp-1_2-0-1.2.2-3.3.1
SUSE Linux Enterprise Module for Package Hub 15 SP2
libgupnp-devel-1.2.2-3.3.1
typelib-1_0-GUPnP-1_0-1.2.2-3.3.1
SUSE Linux Enterprise Module for Package Hub 15 SP3
libgupnp-devel-1.2.2-3.3.1
typelib-1_0-GUPnP-1_0-1.2.2-3.3.1
SUSE Linux Enterprise Workstation Extension 15 SP2
typelib-1_0-GUPnP-1_0-1.2.2-3.3.1
SUSE Linux Enterprise Workstation Extension 15 SP3
typelib-1_0-GUPnP-1_0-1.2.2-3.3.1
Ссылки
- Link for SUSE-SU-2021:2153-1
- E-Mail link for SUSE-SU-2021:2153-1
- SUSE Security Ratings
- SUSE Bug 1186590
- SUSE CVE CVE-2021-33516 page
Описание
An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc.
Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libgupnp-1_2-0-1.2.2-3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libgupnp-1_2-0-1.2.2-3.3.1
SUSE Linux Enterprise Module for Package Hub 15 SP2:libgupnp-devel-1.2.2-3.3.1
SUSE Linux Enterprise Module for Package Hub 15 SP2:typelib-1_0-GUPnP-1_0-1.2.2-3.3.1
Ссылки
- CVE-2021-33516
- SUSE Bug 1186590