Arch Linux alert ASA-202104-8 (libupnp)
| From: | Santiago Torres-Arias via arch-security <arch-security@lists.archlinux.org> | |
| To: | Archlinux security <arch-security@archlinux.org> | |
| Subject: | [ASA-202104-8] libupnp: content spoofing | |
| Date: | Thu, 29 Apr 2021 17:43:31 -0400 | |
| Message-ID: | <YIsog5eRDPA4QW9p@meme-cluster> | |
| Cc: | Santiago Torres-Arias <santiago@archlinux.org> |
Arch Linux Security Advisory ASA-202104-8 ========================================= Severity: High Date : 2021-04-29 CVE-ID : CVE-2021-29462 Package : libupnp Type : content spoofing Remote : Yes Link : https://security.archlinux.org/AVG-1844 Summary ======= The package libupnp before version 1.14.6-1 is vulnerable to content spoofing. Resolution ========== Upgrade to 1.14.6-1. # pacman -Syu "libupnp>=1.14.6-1" The problem has been fixed upstream in version 1.14.6. Workaround ========== None. Description =========== The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of the `Host` header. This can be mitigated by using DNS revolvers which block DNS- rebinding attacks. The vulnerability is fixed in version 1.14.6 and later. Impact ====== An attacker is able to perform a DNS rebinding attack against a client browser to trigger local UPnP services. This can be used to, for example, exfiltrate or tamper data of a client. References ========== https://github.com/pupnp/pupnp/security/advisories/GHSA-6... https://github.com/pupnp/pupnp/commit/21fd85815da7ed2578d... https://security.archlinux.org/CVE-2021-29462