openSUSE-SU-2021:2153-1

Опубликовано: 11 июл. 2021

Источник: suse-cvrf

Описание

Security update for gupnp

This update for gupnp fixes the following issues:

CVE-2021-33516: Fixed a DNS rebinding, which could trick the browser into triggering actions against local UPnP services (bsc#1186590).

Список пакетов

openSUSE Leap 15.3

libgupnp-1_2-0-1.2.2-3.3.1

libgupnp-1_2-0-32bit-1.2.2-3.3.1

libgupnp-devel-1.2.2-3.3.1

typelib-1_0-GUPnP-1_0-1.2.2-3.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CWMAQ7IJUIENIJYPPEUVGYSZ473DP5EV/
E-Mail link for openSUSE-SU-2021:2153-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1186590
SUSE Bug 1186590
https://www.suse.com/security/cve/CVE-2021-33516/
SUSE CVE CVE-2021-33516 page

Описание

An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc.

Затронутые продукты

openSUSE Leap 15.3:libgupnp-1_2-0-1.2.2-3.3.1

openSUSE Leap 15.3:libgupnp-1_2-0-32bit-1.2.2-3.3.1

openSUSE Leap 15.3:libgupnp-devel-1.2.2-3.3.1

openSUSE Leap 15.3:typelib-1_0-GUPnP-1_0-1.2.2-3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-33516.html
CVE-2021-33516
https://bugzilla.suse.com/1186590
SUSE Bug 1186590

openSUSE-SU-2021:2153-1

Описание

Список пакетов

openSUSE Leap 15.3

Ссылки

Уязвимость: CVE-2021-33516

Описание

Затронутые продукты

Ссылки