Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2013.0146
libupnp and libupnp4 security update
4 February 2013
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: libupnp
libupnp4
Publisher: Debian
Operating System: Debian GNU/Linux 6
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2012-5965 CVE-2012-5964 CVE-2012-5963
CVE-2012-5962 CVE-2012-5961 CVE-2012-5960
CVE-2012-5959 CVE-2012-5958
Reference: ESB-2013.0132
ESB-2013.0122
Original Bulletin:
http://www.debian.org/security/2013/dsa-2614
http://www.debian.org/security/2013/dsa-2615
Comment: This bulletin contains two (2) Debian security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-2614-1 security@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
February 01, 2013 http://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : libupnp
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-5958 CVE-2012-5959 CVE-2012-5960 CVE-2012-5961
CVE-2012-5962 CVE-2012-5963 CVE-2012-5964 CVE-2012-5965
Debian Bug : 699316
Multiple stack-based buffer overflows were discovered in libupnp, a library
used for handling the Universal Plug and Play protocol. HD Moore from Rapid7
discovered that SSDP queries where not correctly handled by the
unique_service_name() function.
An attacker sending carefully crafted SSDP queries to a daemon built on libupnp
could generate a buffer overflow, overwriting the stack, leading to the daemon
crash and possible remote code execution.
For the stable distribution (squeeze), these problems have been fixed in
version 1:1.6.6-5+squeeze1.
For the testing distribution (wheezy), these problems have been fixed in
version 1:1.6.17-1.2.
For the unstable distribution (sid), these problems have been fixed in
version 1:1.6.17-1.2.
We recommend that you upgrade your libupnp packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
iQEcBAEBCgAGBQJRDOe7AAoJEG3bU/KmdcClR6sH/1tMFZTfqjzSEvU81ck6m7Fs
QD5r45u6YpCfjioo9K6RvRdQ1JqU/8R4sSnrJPVJdf7xiEtxEZJ8DG+A7nt60Dmp
iBG8RJYU0lc2KeADEiejZy02V/wGRPi+fe931X6Vpqaho6BUWEyXb0xm6qY2MV8n
FrJh8aKYjmOjH2WCGSLitsfC0BNpjc++MP9KFQPMLK6lXq68dz/rDnClWinFeEr0
fehtWrdM17az6fLUihwo9TXByH9gZmdFj/F0vlARBzkv29jUlAtu55hS3nbCJUCB
1rH0HifatkkZ2h4guMDC6SmFFHGxI+9JSz9TrfdkUtb6fwPNB4hGP8TT0GAMhag=
=MYvI
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-2615-1 security@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
February 01, 2013 http://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : libupnp4
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-5958 CVE-2012-5959 CVE-2012-5960 CVE-2012-5961
CVE-2012-5962 CVE-2012-5963 CVE-2012-5964 CVE-2012-5965
Debian Bug : 699459
Multiple stack-based buffer overflows were discovered in libupnp4, a library
used for handling the Universal Plug and Play protocol. HD Moore from Rapid7
discovered that SSDP queries where not correctly handled by the
unique_service_name() function.
An attacker sending carefully crafted SSDP queries to a daemon built on
libupnp4 could generate a buffer overflow, overwriting the stack, leading to
the daemon crash and possible remote code execution.
For the stable distribution (squeeze), these problems have been fixed in
version 1.8.0~svn20100507-1+squeeze1.
For the testing distribution (wheezy), these problems have been fixed in
version 1.8.0~svn20100507-1.2.
For the unstable distribution (sid), these problems have been fixed in
version 1.8.0~svn20100507-1.2.
We recommend that you upgrade your libupnp4 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
iQEcBAEBCgAGBQJRDPb/AAoJEG3bU/KmdcClkHcH/3T66iE5QyeUwxE0wGNusOUX
Hu4A7ycp8f8PxBbEkU2sQgjTaZ/cDAXc5pf3/McerMBuNp7oBA4Jvmm0IHrrM3As
Lkt7f+AE1f6ixpF4OE9NfzZx2EtMDf3KhZwyGGp1BUcXXCYoQoQiFV6A8gcj1ay4
LnksPxFycFhYEs3SLmAXp4HkScQ6zAybtuC4wHI+o/LeMVg2Z94hYJ7E5SiF7iDn
/Pm+BzBAsQyQpApHG7a/wIIkfY31DFQB+Rq82nv6VOHqQUlawdcBVB2rN0SA8XMv
5rxV+eQjl5ReOYzoGr7XL7T8d5BJSHXyUfUjKWqYPGqAgRqHaRvn11WkD6OcWwQ=
=YQoc
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBUQ80hu4yVqjM2NGpAQKkSA/8CCfwHd+7Zyl4qyLbrg7sD1vLxDEPqzpd
x0t17jUHcga5XV00RadFk7e1ia57PRGWUhv1lKViKra9AWPHWk9ZIKheMdsmROPD
/p4GW87OFjHZXAObJqe278WmsRYSx1txC2rl6UZFQqDYnmTMmUCCEUcgWgVyx+ga
AnlzTw2hf8e0MqIY3TXLcHoPMESDB6rACcxGY7wYs6XRlcHZetXmb9vVU7Hcn1mq
W+krg3nQOnbQaEAofAyywKigF+OTFuI7ZjuYo8sHgbdezDeHVFmDYrdf7w9WI3K8
TNsy694g96/l5qe8eLQzOaWe4VZkfkKByauzBphQb8bGzSF/O4FOsDGFsXz12cRR
LdG3SpLLirkWKSN1qv8WWRZNCmcqvrldKHUzrN4tWZGUxPmGVMlN3L7GNTz/a/DC
6MSbEXL6qpARk2a7DB/J7U+t075AM3pTakxnuBhC4zkz9HnOruqfZD/D8FoDeRD7
08qc8DsCoLUBq9bLkcnrgU51E00/V4dN6yy2K77ZaX42wii1ZdtfBlW2pHSDCXBY
HZqBbe2MZ+UhOkB0Syv/x3j3fnOgmASdSL1obeafZcMGAUKC6hgM85x7o29FmPke
jH9E/8d/ImxxOJNEw2bZt4Ea4Fzd72i+Dn7ULIPB6cRy1pb52MpffG63eP8LvWh1
Q0Qx8FdIfxY=
=FwrS
-----END PGP SIGNATURE-----