desktop-packages team mailing list archive

Thread
Date

[Bug 1506017] Re: TALOS-2015-0035 (CVE-2015-6031)

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: "Wladimir J. van der Laan" <1506017@xxxxxxxxxxxxxxxxxx>
Date: Wed, 21 Oct 2015 20:09:34 -0000
Reply-to: Bug 1506017 <1506017@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Awesome!

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to miniupnpc in Ubuntu.
https://bugs.launchpad.net/bugs/1506017

Title:
  TALOS-2015-0035 (CVE-2015-6031)

Status in miniupnpc package in Ubuntu:
  Fix Released

Bug description:
  Please upgrade the miniupnpc package, or backport a fix as soon as possible.
  There is a remote-exploitable (from LAN) bug in miniupnpc:

  See http://talosintel.com/reports/TALOS-2015-0035/

  This affects transmission-gtk, as well as all other client software
  this uses this libary, such as bitcoind.

  The commit fixing the vulnerability is
  https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78

  I have a PoC exploit for amd64, if interested contact me at
  laanwj@xxxxxxxxx , use GPG keyid: 0x74810B012346C9A6

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/miniupnpc/+bug/1506017/+subscriptions