AXSA:2021-2048:01

Release date: 
Saturday, June 19, 2021 - 06:02
Subject: 
gssdp-1.0.5-1.el8, gupnp-1.0.6-1.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible.

GSSDP implements resource discovery and announcement over SSDP and is part of gUPnP.

The following packages have been upgraded to a later upstream version: gssdp (1.0.5), gupnp (1.0.6).

Security Fix(es):

* hostapd: UPnP SUBSCRIBE misbehavior in WPS AP (CVE-2020-12695)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-12695
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. gssdp-1.0.5-1.el8.src.rpm
    MD5: 589fe159cd5f488c02a2859a7c8740ee
    SHA-256: e6e3ba57fbd39f690c2ed8ec48541e01901220f00c25d1b1636c8aa34b425bbd
    Size: 329.85 kB
  2. gupnp-1.0.6-1.el8.src.rpm
    MD5: a0c18e144809e820ffdc625cc1255448
    SHA-256: 96dde6a84129c4b1728b1d7ecdbc62a90257dbf8c62f50234e8cd5efe4a3406c
    Size: 440.82 kB

Asianux Server 8 for x86_64
  1. gssdp-1.0.5-1.el8.x86_64.rpm
    MD5: a019d7a7d7c0611e9bb1c6fdf58ce50b
    SHA-256: 24411b56070e6367dbdca392ec6f285392ee0e0f672d7d2f1bba581d28bf0c5f
    Size: 57.91 kB
  2. gupnp-1.0.6-1.el8.x86_64.rpm
    MD5: 1537216ad72359e9653b166cbb64c467
    SHA-256: 61a4dae74d1d40bc71314583c1d35b98740e6df67c0e4ad03405a3253851becb
    Size: 104.53 kB
  3. gssdp-1.0.5-1.el8.i686.rpm
    MD5: 60bf0e8048e81c240938556dcd1281de
    SHA-256: e6d5d886c018f8f5ab9f729583aebe15d0360690011c7b91c8c582860eab741f
    Size: 59.98 kB
  4. gupnp-1.0.6-1.el8.i686.rpm
    MD5: f9d38b039f5203b0006b33793fc15e26
    SHA-256: 87e1254701dd30e10e5fae46f766ef0ff92d461e3c1b556c74a0ea86ff3fe8b7
    Size: 111.00 kB
Copyright© 2007-2015 Asianux. All rights reserved.