Описание
Security update for minidlna
This update for minidlna fixes the following issues:
minidlna was updated to version 1.3.1 (boo#1196814)
-
Fixed a potential crash in SSDP request parsing.
-
Fixed a configure script failure on some platforms.
-
Protect against DNS rebinding attacks. (CVE-2022-26505)
-
Fix an socket leakage issue on some platforms.
-
Minor bug fixes.
-
add 'su minidlna minidlna' to the logrotate config
-
Added hardening to systemd service(s) (boo#1181400).
-
Use sysusers macros to create minidlna user
-
Don't hardrequire logrotate, we don't write log files anymore
Список пакетов
SUSE Package Hub 15 SP3
minidlna-1.3.1-bp153.2.3.1
openSUSE Leap 15.3
minidlna-1.3.1-bp153.2.3.1
Ссылки
- E-Mail link for openSUSE-SU-2022:0079-1
- SUSE Security Ratings
- SUSE Bug 1181400
- SUSE Bug 1196814
- SUSE CVE CVE-2022-26505 page
Описание
A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files.
Затронутые продукты
SUSE Package Hub 15 SP3:minidlna-1.3.1-bp153.2.3.1
openSUSE Leap 15.3:minidlna-1.3.1-bp153.2.3.1
Ссылки
- CVE-2022-26505
- SUSE Bug 1196814