==========================================================================
Ubuntu Security Notice USN-2280-1
July 16, 2014
miniupnpc vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 LTS
– Ubuntu 13.10
– Ubuntu 12.04 LTS
Summary:
MiniUPnPc could be made to crash if it received specially crafted network
traffic.
Software Description:
– miniupnpc: UPnP IGD client lightweight library client
Details:
It was discovered that MiniUPnPc incorrectly handled certain buffer
lengths. A remote attacker could possibly use this issue to cause
applications using MiniUPnPc to crash, resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
libminiupnpc8 1.6-3ubuntu2.14.04.1
Ubuntu 13.10:
libminiupnpc8 1.6-3ubuntu2.13.10.1
Ubuntu 12.04 LTS:
libminiupnpc8 1.6-3ubuntu1.1
After a standard system update you need to restart your session to make all
the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2280-1
CVE-2014-3985
Package Information:
https://launchpad.net/ubuntu/+source/miniupnpc/1.6-3ubuntu2.14.04.1
https://launchpad.net/ubuntu/+source/miniupnpc/1.6-3ubuntu2.13.10.1
https://launchpad.net/ubuntu/+source/miniupnpc/1.6-3ubuntu1.1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/
iQIcBAEBCgAGBQJTxoeYAAoJEGVp2FWnRL6TVikP/RsbRYfgnklusmm7/UO6+BvO
wGpuz3oNl+It7pIdq/69wJGXsDm0rRzadAB0Mg1v/nmbde8WBkMd+OajXqSKS6A+
lU8ewxq0/cJge6T83YQ4hQr+aote2r5cPBPMYu8TDu+lIs2dUR4tLnsKrXllFrKN
Fxd3vUG2NALQ0pYhz00lEnnVvslZ6m7i2BM5bDPCipwwdfg24kBo3Ya8NmO/fROS
Wkh2UBDZmVuomnBcQKse81pgMhFCiGZO7sAbxFkVwioRGlJSgFM0lDVWC4GHdP7Q
jzeRC0PfMQlVDM9N5+M3vdGLAtvrLmp4Ndz2Ipyaz/DOln1vqQREBlNHlnYmQFyF
UMbr6cItKWbQK0qcHBsXI+pUpm6RH0S5LTpI17z1iYOMrTk9aE0sY7gxBNVBL2RJ
3sc6tbPnj/sHVe76NDx+SzZSWacXdNrEStGzrhgt/PQED9zSd00apKOyzVzzbNyD
AoWc5M5F8HXw86Eo6pZvuPJswEBFEyhnA7qwCpeXW5/Asz33xEt+GVZMgr4QhW6q
RD2iK4n8zdWOfyGHzTkTxVK6tK6eBcCMnMwuyHIKZgMqKgSLKSp6aui9F6zh5WDR
yiGq9Wwkk3Qm/hRhNmMd+EFu04tkRo4zapZ29sQwWklHe7S3mH91UXpdcDz/ox9f
SQlgFdhgKJNNzZZD387a
=Jp/4
—–END PGP SIGNATURE—–
—