-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2315-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort August 06, 2020 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : gupnp Version : 1.0.1-1+deb9u1 CVE ID : CVE-2020-12695 Yunus Çadırcı found an issue in the SUBSCRIBE method of UPnP, a network protocol for devices to automatically discover and communicate with each other. Insuficient checks on this method allowed attackers to use vulnerable UPnP services for DoS attacks or possibly to bypass firewalls. For Debian 9 stretch, this problem has been fixed in version 1.0.1-1+deb9u1. We recommend that you upgrade your gupnp packages. For the detailed security status of gupnp please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gupnp Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAl8sPZEACgkQnUbEiOQ2 gwKOdg//SAzCDZdsvzOl0j8Eij4cHjvDCngX4eFIUvjPCgfOhleul7J5FLq8oLpm bLfUzlFSWI/lGnBc7SOYZpIfQGFS6BfhORCpqi87JbJlTW7P3yDTjaO3TPATiNm2 tT0FeIC2D1s+xzrS+eEK9PoMMUf8m+w4C1XFewXxioeFje34Yuws7GweuvR77tJ5 iGXG5dqqFBmGk/bKNVe+iIK76nWuw5cjgXBPuDLHLIm8YuJVxh7KFDFPoWW479aN PuwpxJOk9rsgMhzxLdz/wHCxQ/Ir9+w2peocQlu/OBsgKDrzIFbpapQhqPONhloj nnIyC2S3e8RUIWZI9zSN8CJQ3bbAN79wQyiLkTFO+9GzKN8zOI2xmV24vGnaBGUh 35T4UJ9A1Wl5oqevCSvMxm9nOmpvOORw553GM+/V/oxLsHeedKIOtrwoFQZqbOmn HB5zvkrq6c4Gbm6cbo1dohSGk9mXrkrs6mUpdSmd+5xKd+SD83AmaYw76Q6Refuq cw4gWRrl7xg6S0JmX8/oV5pp4QATRWaPHjYCq5qDVX0ugIGJzvqr7pQ3iQ1ok1Rd KEH/Ws10istgdPrEhJWZKbRyx4lXz5o+zqomQSS4IqjvRtYCDdZjoQaRW3ACTJgH /drz32GMu6RuFpW1sjVHS3xY2W1mdhNj9FUrFRKTu+7qf5nwa7Y= =AoLt -----END PGP SIGNATURE-----