gupnp-1.0.2-6.el7
エラータID: AXSA:2021-1998:01
GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible.
Security Fix(es):
* gupnp: allows DNS rebinding which could result in tricking browser into triggering actions against local UPnP services (CVE-2021-33516)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2021-33516
An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc.
Update packages.
An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc.
N/A
SRPMS
- gupnp-1.0.2-6.el7.src.rpm
MD5: 2689f476f756e179db9a9b69c89abd49
SHA-256: cbb8fd880e57a1ad27ce441f20a6814a6f7793f4854fc8cc353c179e0ec74228
Size: 429.43 kB
Asianux Server 7 for x86_64
- gupnp-1.0.2-6.el7.x86_64.rpm
MD5: 89d0ccf5f01bd6b31599d1b10ed3cc07
SHA-256: a7e30fbad8e94b8adeb07a21bd2e88fd48a667037da1d93f6ce428bf580c19e8
Size: 93.06 kB - gupnp-1.0.2-6.el7.i686.rpm
MD5: 260cf6e5521e831ea153683f51d9f039
SHA-256: 23bb5b57b69f1cefc8fc5784251ed375b475bf00d0a80e90d73f3cbece8ce6b2
Size: 91.92 kB