UbuntuUpdates.org

Package "minidlna"

Name: minidlna

Description:

lightweight DLNA/UPnP-AV server targeted at embedded systems

Latest version: 1.1.5+dfsg-2ubuntu0.1
Release: xenial (16.04)
Level: security
Repository: universe
Homepage: http://sourceforge.net/projects/minidlna/

Links


Download "minidlna"


Other versions of "minidlna" in Xenial

Repository Area Version
base universe 1.1.5+dfsg-2
updates universe 1.1.5+dfsg-2ubuntu0.1

Changelog

Version: 1.1.5+dfsg-2ubuntu0.1 2021-02-03 19:07:13 UTC

  minidlna (1.1.5+dfsg-2ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Insufficient input sanitization vulnerability
    - debian/patches/CVE-2020-12695.patch: upnphttp: Validate SUBSCRIBE
      callback URL.
    - debian/patches/CVE-2020-28926.patch: upnphttp: Disallow negative HTTP
      chunk lengths.
    - CVE-2020-12695
    - CVE-2020-28926
  * Other fixes:
    - debian/patches/15-use-newer-ip_multicast_if-api.patch: Use newer
    API for IP_MULTICAST_IF which allows one to specify interface by
    index, not by address.

 -- Paulo Flabiano Smorigo <email address hidden> Mon, 01 Feb 2021 14:22:43 +0000

CVE-2020-12695 The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on
CVE-2020-28926 ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTT



About   -   Send Feedback to @ubuntu_updates