-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2013.0146
                   libupnp and libupnp4 security update
                               4 February 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libupnp
                   libupnp4
Publisher:         Debian
Operating System:  Debian GNU/Linux 6
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2012-5965 CVE-2012-5964 CVE-2012-5963 CVE-2012-5962
                   CVE-2012-5961 CVE-2012-5960 CVE-2012-5959 CVE-2012-5958

Reference:         ESB-2013.0132
                   ESB-2013.0122

Original Bulletin:
   http://www.debian.org/security/2013/dsa-2614
   http://www.debian.org/security/2013/dsa-2615

Comment: This bulletin contains two (2) Debian security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-2614-1                   security@debian.org
http://www.debian.org/security/                        Yves-Alexis Perez
February 01, 2013                      http://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : libupnp
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-5958 CVE-2012-5959 CVE-2012-5960 CVE-2012-5961
                 CVE-2012-5962 CVE-2012-5963 CVE-2012-5964 CVE-2012-5965
Debian Bug     : 699316

Multiple stack-based buffer overflows were discovered in libupnp, a library
used for handling the Universal Plug and Play protocol. HD Moore from Rapid7
discovered that SSDP queries were not correctly handled by the
unique_service_name() function.

An attacker sending carefully crafted SSDP queries to a daemon built on
libupnp could generate a buffer overflow, overwriting the stack, leading to
the daemon crash and possible remote code execution.

For the stable distribution (squeeze), these problems have been fixed in
version 1:1.6.6-5+squeeze1.

For the testing distribution (wheezy), these problems have been fixed in
version 1:1.6.17-1.2.

For the unstable distribution (sid), these problems have been fixed in
version 1:1.6.17-1.2.

We recommend that you upgrade your libupnp packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iQEcBAEBCgAGBQJRDOe7AAoJEG3bU/KmdcClR6sH/1tMFZTfqjzSEvU81ck6m7Fs
QD5r45u6YpCfjioo9K6RvRdQ1JqU/8R4sSnrJPVJdf7xiEtxEZJ8DG+A7nt60Dmp
iBG8RJYU0lc2KeADEiejZy02V/wGRPi+fe931X6Vpqaho6BUWEyXb0xm6qY2MV8n
FrJh8aKYjmOjH2WCGSLitsfC0BNpjc++MP9KFQPMLK6lXq68dz/rDnClWinFeEr0
fehtWrdM17az6fLUihwo9TXByH9gZmdFj/F0vlARBzkv29jUlAtu55hS3nbCJUCB
1rH0HifatkkZ2h4guMDC6SmFFHGxI+9JSz9TrfdkUtb6fwPNB4hGP8TT0GAMhag=
=MYvI
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-2615-1                   security@debian.org
http://www.debian.org/security/                        Yves-Alexis Perez
February 01, 2013                      http://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : libupnp4
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-5958 CVE-2012-5959 CVE-2012-5960 CVE-2012-5961
                 CVE-2012-5962 CVE-2012-5963 CVE-2012-5964 CVE-2012-5965
Debian Bug     : 699459

Multiple stack-based buffer overflows were discovered in libupnp4, a library
used for handling the Universal Plug and Play protocol.
HD Moore from Rapid7 discovered that SSDP queries were not correctly handled
by the unique_service_name() function.

An attacker sending carefully crafted SSDP queries to a daemon built on
libupnp4 could generate a buffer overflow, overwriting the stack, leading to
the daemon crash and possible remote code execution.

For the stable distribution (squeeze), these problems have been fixed in
version 1.8.0~svn20100507-1+squeeze1.

For the testing distribution (wheezy), these problems have been fixed in
version 1.8.0~svn20100507-1.2.

For the unstable distribution (sid), these problems have been fixed in
version 1.8.0~svn20100507-1.2.

We recommend that you upgrade your libupnp4 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iQEcBAEBCgAGBQJRDPb/AAoJEG3bU/KmdcClkHcH/3T66iE5QyeUwxE0wGNusOUX
Hu4A7ycp8f8PxBbEkU2sQgjTaZ/cDAXc5pf3/McerMBuNp7oBA4Jvmm0IHrrM3As
Lkt7f+AE1f6ixpF4OE9NfzZx2EtMDf3KhZwyGGp1BUcXXCYoQoQiFV6A8gcj1ay4
LnksPxFycFhYEs3SLmAXp4HkScQ6zAybtuC4wHI+o/LeMVg2Z94hYJ7E5SiF7iDn
/Pm+BzBAsQyQpApHG7a/wIIkfY31DFQB+Rq82nv6VOHqQUlawdcBVB2rN0SA8XMv
5rxV+eQjl5ReOYzoGr7XL7T8d5BJSHXyUfUjKWqYPGqAgRqHaRvn11WkD6OcWwQ=
=YQoc
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.
As AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to follow or act on information or
advice contained in this security bulletin is the responsibility of each
user or organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBUQ80hu4yVqjM2NGpAQKkSA/8CCfwHd+7Zyl4qyLbrg7sD1vLxDEPqzpd
x0t17jUHcga5XV00RadFk7e1ia57PRGWUhv1lKViKra9AWPHWk9ZIKheMdsmROPD
/p4GW87OFjHZXAObJqe278WmsRYSx1txC2rl6UZFQqDYnmTMmUCCEUcgWgVyx+ga
AnlzTw2hf8e0MqIY3TXLcHoPMESDB6rACcxGY7wYs6XRlcHZetXmb9vVU7Hcn1mq
W+krg3nQOnbQaEAofAyywKigF+OTFuI7ZjuYo8sHgbdezDeHVFmDYrdf7w9WI3K8
TNsy694g96/l5qe8eLQzOaWe4VZkfkKByauzBphQb8bGzSF/O4FOsDGFsXz12cRR
LdG3SpLLirkWKSN1qv8WWRZNCmcqvrldKHUzrN4tWZGUxPmGVMlN3L7GNTz/a/DC
6MSbEXL6qpARk2a7DB/J7U+t075AM3pTakxnuBhC4zkz9HnOruqfZD/D8FoDeRD7
08qc8DsCoLUBq9bLkcnrgU51E00/V4dN6yy2K77ZaX42wii1ZdtfBlW2pHSDCXBY
HZqBbe2MZ+UhOkB0Syv/x3j3fnOgmASdSL1obeafZcMGAUKC6hgM85x7o29FmPke
jH9E/8d/ImxxOJNEw2bZt4Ea4Fzd72i+Dn7ULIPB6cRy1pb52MpffG63eP8LvWh1
Q0Qx8FdIfxY=
=FwrS
-----END PGP SIGNATURE-----
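Both DSAs above resolve the issue by naming a fixed package version per suite, so the practical question on a host is whether the installed libupnp packages sort below those versions under dpkg's ordering rules. That comparison is easy to get wrong by eye: the epoch prefix "1:" outranks everything after it, "~" in 1.8.0~svn20100507 sorts before the empty string, and a "+squeeze1" suffix sorts after the bare revision. The script below is an added example, not Debian's or AusCERT's code. It reimplements dpkg's version ordering so it runs without python-apt, checks "package version" lines as produced by dpkg-query against the fixed versions quoted from DSA-2614 and DSA-2615, and falls back to a constructed sample when dpkg-query is unavailable. The mapping of the binary package libupnp3 to the source package libupnp, and the sample dpkg-query output, are assumptions made for the example.

```python
"""Check installed libupnp / libupnp4 packages against the versions that
DSA-2614 and DSA-2615 name as fixed. Added example, not Debian's code."""
import subprocess

# Fixed versions copied verbatim from the two advisories, keyed by the Debian
# source package each DSA names and the suite it targets.
FIXED_VERSIONS = {
    "libupnp": {"squeeze": "1:1.6.6-5+squeeze1",
                "wheezy": "1:1.6.17-1.2", "sid": "1:1.6.17-1.2"},
    "libupnp4": {"squeeze": "1.8.0~svn20100507-1+squeeze1",
                 "wheezy": "1.8.0~svn20100507-1.2", "sid": "1.8.0~svn20100507-1.2"},
}
# Binary -> source package. Assumption: the 1.6.x 'libupnp' source package
# ships its shared library as the binary package 'libupnp3'.
BINARY_TO_SOURCE = {"libupnp3": "libupnp", "libupnp4": "libupnp4"}


def _order(c):
    """dpkg's weight for one character in a non-digit run ('' = end of string)."""
    if c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1          # '~' sorts before everything, even end of string
    return ord(c) + 256 if c else 0


def _verrevcmp(a, b):
    """Compare an upstream or revision string the way dpkg's verrevcmp() does:
    alternate non-digit runs (by _order weight) and digit runs (numerically)."""
    def ch(s, k):
        return s[k] if k < len(s) else ""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac, bc = _order(ch(a, i)), _order(ch(b, j))
            if ac != bc:
                return ac - bc
            i, j = i + 1, j + 1
        while ch(a, i) == "0":   # leading zeros are insignificant
            i += 1
        while ch(b, j) == "0":
            j += 1
        while ch(a, i).isdigit() and ch(b, j).isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i, j = i + 1, j + 1
        if ch(a, i).isdigit():   # the longer digit run is the larger number
            return 1
        if ch(b, j).isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def parse_version(version):
    """Split 'epoch:upstream-revision' (epoch and revision are optional)."""
    epoch = 0
    if ":" in version:
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    if "-" in version:
        upstream, _, revision = version.rpartition("-")
    else:
        upstream, revision = version, ""
    return epoch, upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1 with the same ordering as 'dpkg --compare-versions'."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return 1 if ea > eb else -1
    for x, y in ((ua, ub), (ra, rb)):
        r = _verrevcmp(x, y)
        if r:
            return 1 if r > 0 else -1
    return 0


def assess(dpkg_output, suite):
    """Take one 'package version' pair per line (the dpkg-query format used in
    main) and return (binary, installed, fixed, still_vulnerable) per libupnp package."""
    findings = []
    for line in dpkg_output.splitlines():
        if not line.strip():
            continue
        binary, installed = line.split()
        source = BINARY_TO_SOURCE.get(binary)
        if source is not None:
            fixed = FIXED_VERSIONS[source][suite]
            findings.append((binary, installed, fixed, compare_versions(installed, fixed) < 0))
    return findings


# Constructed sample: libupnp3 still at the pre-DSA squeeze version, libupnp4 patched.
SAMPLE_DPKG_OUTPUT = "libupnp3 1:1.6.6-5\nlibupnp4 1.8.0~svn20100507-1+squeeze1\n"

if __name__ == "__main__":
    try:   # on a Debian host, use the live package database instead of the sample
        out = subprocess.check_output(
            ["dpkg-query", "-W", "-f=${Package} ${Version}\\n", "libupnp3", "libupnp4"],
            stderr=subprocess.DEVNULL).decode()
    except (OSError, subprocess.CalledProcessError):
        out = SAMPLE_DPKG_OUTPUT
    for binary, installed, fixed, vulnerable in assess(out, "squeeze"):
        status = "VULNERABLE, upgrade to " + fixed if vulnerable else "fixed"
        print(f"{binary} {installed}: {status}")
```

The suite argument selects which fixed version applies; "squeeze" matches the "Debian GNU/Linux 6" line in the bulletin summary. For a single pair on a host that already has dpkg, the same verdict comes from dpkg --compare-versions with the installed version as the first operand and the DSA version as the second, which is a useful cross-check on the reimplementation.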