[Secure-testing-team] Bug#699316: libupnp: Multiple stack buffer overflow vulnerabilities

[Salvatore Bonaccorso]

Package: libupnp
Severity: grave
Tags: security

Hi,

the following vulnerabilities were published for libupnp.

CVE-2012-5958[0]: Stack buffer overflow of Tempbuf
CVE-2012-5959[1]: Stack buffer overflow of Event->UDN
CVE-2012-5960[2]: Stack buffer overflow of Event->UDN
CVE-2012-5961[3]: Stack buffer overflow of Evt->UDN
CVE-2012-5962[4]: Stack buffer overflow of Evt->DeviceType
CVE-2012-5963[5]: Stack buffer overflow of Event->UDN
CVE-2012-5964[6]: Stack buffer overflow of Event->DeviceType
CVE-2012-5965[7]: Stack buffer overflow of Event->DeviceType

Upstream changelog for 1.6.18 states:

*******************************************************************************
Version 1.6.18
*******************************************************************************

2012-12-06 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

        Security fix for CERT issue VU#922681

        This patch addresses three possible buffer overflows in function
        unique_service_name(). The three issues have the folowing CVE numbers:

        CVE-2012-5958 Issue #2: Stack buffer overflow of Tempbuf
        CVE-2012-5959 Issue #4: Stack buffer overflow of Event->UDN
        CVE-2012-5960 Issue #8: Stack buffer overflow of Event->UDN

        Notice that the following issues have already been dealt by previous
        work:

        CVE-2012-5961 Issue #1: Stack buffer overflow of Evt->UDN
        CVE-2012-5962 Issue #3: Stack buffer overflow of Evt->DeviceType
        CVE-2012-5963 Issue #5: Stack buffer overflow of Event->UDN
        CVE-2012-5964 Issue #6: Stack buffer overflow of Event->DeviceType
        CVE-2012-5965 Issue #7: Stack buffer overflow of Event->DeviceType

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5958
    http://security-tracker.debian.org/tracker/CVE-2012-5958
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5959
    http://security-tracker.debian.org/tracker/CVE-2012-5959
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5960
    http://security-tracker.debian.org/tracker/CVE-2012-5960
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5961
    http://security-tracker.debian.org/tracker/CVE-2012-5961
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5962
    http://security-tracker.debian.org/tracker/CVE-2012-5962
[5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5963
    http://security-tracker.debian.org/tracker/CVE-2012-5963
[6] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5964
    http://security-tracker.debian.org/tracker/CVE-2012-5964
[7] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5965
    http://security-tracker.debian.org/tracker/CVE-2012-5965

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

_______________________________________________
Secure-testing-team mailing list
Secure-testing-team@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team