desktop-packages team mailing list archive

Thread
Date

[Bug 1506017] Re: TALOS-2015-0035 (CVE-2015-6031)

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1506017@xxxxxxxxxxxxxxxxxx>
Date: Tue, 20 Oct 2015 21:00:09 -0000
Reply-to: Bug 1506017 <1506017@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package miniupnpc - 1.6-3ubuntu1.2

---------------
miniupnpc (1.6-3ubuntu1.2) precise-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in XML parser (LP: #1506017)
    - igd_desc_parse.c: fix buffer overflow in
    - https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78
    - CVE-2015-6031

 -- Steve Beattie <sbeattie@xxxxxxxxxx>  Thu, 15 Oct 2015 18:35:20 -0700

** Changed in: miniupnpc (Ubuntu)
       Status: Confirmed => Fix Released

** Changed in: miniupnpc (Ubuntu)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to miniupnpc in Ubuntu.
https://bugs.launchpad.net/bugs/1506017

Title:
  TALOS-2015-0035 (CVE-2015-6031)

Status in miniupnpc package in Ubuntu:
  Fix Released

Bug description:
  Please upgrade the miniupnpc package, or backport a fix as soon as possible.
  There is a remote-exploitable (from LAN) bug in miniupnpc:

  See http://talosintel.com/reports/TALOS-2015-0035/

  This affects transmission-gtk, as well as all other client software
  this uses this libary, such as bitcoind.

  The commit fixing the vulnerability is
  https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78

  I have a PoC exploit for amd64, if interested contact me at
  laanwj@xxxxxxxxx , use GPG keyid: 0x74810B012346C9A6

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/miniupnpc/+bug/1506017/+subscriptions