gupnp-1.0.6-2.el8
エラータID: AXSA:2021-2196:02
GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible.
Security Fix(es):
* gupnp: allows DNS rebinding which could result in tricking browser into triggering actions against local UPnP services (CVE-2021-33516)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2021-33516
An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc.
Update packages.
An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc.
N/A
SRPMS
- gupnp-1.0.6-2.el8.src.rpm
MD5: 98a73bac638f93651f9143e05a25f9f2
SHA-256: 50fa52ecada83fb0849df15a64ef8f1165e6a67cb1a6c99ca64c4ff5fdab87eb
Size: 445.37 kB
Asianux Server 8 for x86_64
- gupnp-1.0.6-2.el8.x86_64.rpm
MD5: 35dfe7d923e0f145f29eb1098b3b87b9
SHA-256: e669f4ce90ce947ba0bd4d28d9377e45fc0180ec3a10e3c2b13ae6afa564614f
Size: 105.05 kB - gupnp-1.0.6-2.el8.i686.rpm
MD5: c8b2701bf5abf073f4e815fb77dc4f30
SHA-256: a6cace69998bdff1a49e906cccf8e089e4dfc02b428203267f1f832211f90fc5
Size: 111.63 kB