Mageia alert MGASA-2014-0435 (mythtv)

From:
    	     
 
Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	     
 
updates-announce@ml.mageia.org 
Subject:
    	     
 
[updates-announce] MGASA-2014-0435: Updated MythTV packages to harden against SSDP reflection attacks 
Date:
    	     
 
Wed, 29 Oct 2014 12:31:02 +0100
Message-ID:
    	     
 
<20141029113102.7C4795D442@valstar.mageia.org>
MGASA-2014-0435 - Updated MythTV packages to harden against SSDP reflection attacks

Publication date: 29 Oct 2014
URL: http://advisories.mageia.org/MGASA-2014-0435.html
Type: security
Affected Mageia releases: 3, 4

Description:
Updated MythTV packages to harden against SSDP reflection attacks

MythTV's UPNP component was suseptable to SSDP reflection attacks
and has been hardened to disallow SSDP device discovery from non-local
addresses as mitigation.

Additionally, a popular schedules retrieval service, Schedules Direct,
will deprecate the old URL used by MythTV to retrieve metadata on 1st
November 2015. This build of MythTV also updates the URL for this this
service for continued operation going forward.

References:
- https://bugs.mageia.org/show_bug.cgi?id=14347
- https://www.prolexic.com/knowledge-center-ddos-threat-adv...
-
https://www.prolexic.com/kcresources/prolexic-threat-advi...

SRPMS:
- 4/core/mythtv-0.27.4-20141022.1.mga4
- 4/core/mythtv-mythweb-0.27.4-1.mga4
- 4/tainted/mythtv-0.27.4-20141022.1.mga4.tainted
- 3/core/mythtv-0.27.4-20141022.1.mga3
- 3/core/mythtv-mythweb-0.27.4-1.mga3
- 3/tainted/mythtv-0.27.4-20141022.1.mga3.tainted