libupnp package vulnerable to CVE-2021-28302

DoneSubmitted by Mark H Weaver.
Details
4 participants
  • Leo Famulari
  • Léo Le Bouter
  • Ludovic Courtès
  • Mark H Weaver
Owner
unassigned
Severity
normal
M
M
Mark H Weaver wrote on 14 Mar 2021 22:29
(address . bug-guix@gnu.org)(name . Léo Le Bouter)(address . lle-bout@zaclys.net)
87lfaps9tu.fsf@netris.org
I'm forwarding this to bug-guix@gnu.org so that it won't be forgotten.

Mark

-------------------- Start of forwarded message --------------------
Subject: libupnp package vulnerable to CVE-2021-28302
From: Léo Le Bouter <lle-bout@zaclys.net>
To: guix-devel@gnu.org
Date: Sat, 13 Mar 2021 02:12:45 +0100
CVE-2021-28302 12.03.21 16:15
A stack overflow in pupnp 1.16.1 can cause the denial of service
through the Parser_parseDocument() function. ixmlNode_free() will
release a child node recursively, which will consume stack space and
lead to a crash.

Upstream did not provide a patch yet, see <

I suggest we wait for the patch to be made and then update, to be
monitored.
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmBMEY0ACgkQRaix6GvN
EKYUDQ//cJCRDapNXBPGtjw9g7Ki83WqsqSIG97YZF1+8vF3EKWaQ0yaUKwPyAhF
yngRqIGzo9nebdk9Ju8j8nFPICXKq3zwmiJzqg43mgdDoFjaVCgQLv/TIPbh/poi
+Y9JM0U4+1tkL2ePylpGTfgTZ2aSNh7DiWR2fsvIZpRozeX+XQBXnZJQBbjgAC5A
Nif2qFgohSYrMU7tii/O43aHsBSCnjBdq1v8X+OI9hLAWlclrw+sJMVAbEVVDft1
UM+vk9SJAS2YGZ8h6vxJkDQ2n5851P22vrIkRz1WUVL/ejlwvB5kk1PT4nyx53WT
aKd7SwvXbfb/nv5KaMSx4kXmAoquQzi/1nei1U6043ZLH8rsfquXPho3JUNZz28h
14Lj0nBwJ1ZxeGhD/5/XqMDWp/AbqXKaIsnaEKFZdUZfFPwTEpgRlntTeTs3Tiws
l9xuoV+Qib8slW8ZRS7cvpFO9Hnmt8R6MQgk5o0zDP3sdRc3v9rN9wT6CCHAUEHV
tSXPobwRKoEAZN7IQ4CqvXsAWa2eELEV4Xs18045iC5j5z2SCP5QcUro20sixc0M
eZF/1A8YoM7u1Qxhr9w3ptv9iiCywkBWhYLCBqC4BOUYSDFmDu/IErA0raiqO2e9
IfsJWzhQcFanAn0c/NhzJfaj0vhapCywcBdksw84ZmQ9dXK4E4E=
=3T+p
-----END PGP SIGNATURE-----

-------------------- End of forwarded message --------------------
L
L
Ludovic Courtès wrote on 15 Mar 2021 14:43
control message for bug #47140
(address . control@debbugs.gnu.org)
87lfaoh6rv.fsf@gnu.org
tags 47140 + security
quit
L
L
Leo Famulari wrote on 24 Mar 2021 05:06
(no subject)
(address . control@debbugs.gnu.org)
YFq6wUqi070//Gk+@jasmine.lan
block 47297 with 47140
block 47297 with 47141
block 47297 with 47142
block 47297 with 47143
block 47297 with 47144
L
L
Léo Le Bouter wrote on 5 Apr 2021 22:50
libupnp package vulnerable to CVE-2021-28302
(address . 47140@debbugs.gnu.org)
ede99764b2ae52b0c5ae719a70b40fe8ac6aa6ca.camel@zaclys.net
Upstream created and merged a probable patch:

Reporter still needs to confirm if it fixes the issue.
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmBreDAACgkQRaix6GvN
EKbPTA/+MBbgjAjTCTeZ54pKRRUQdP8Pcb2IVreT0GmIpsiTGJeH8+4uFegkj/jJ
AA5vCyPuzEw+3P+4O9QKFbVvJq0znioA5fDHp9OvKdvTukRAu4rdaV/8EnRQnnVH
o/E23QgoUXbnCftpKzzI2NAgQWgJokfOeoaQho/b/kPlf3s9Mizr0GgX5kkXjHVC
ycw4IvMlabZor4ECujDHRhToNogkp2dO6929wf5/efl0pC8a1Bv5fbUDWvsSLyVX
sPrOTsEGo/D0yK6rucVG4D59B/YgGsljloB35upSatM0hmOFX6ynfHlj91kyf5qF
ks+9VeCIpm2fPyth+wTN7hu87MyNwMi6ZjjTmZ7G9NI+EyOQ3F+kPZREHZNFHhC7
5sVG8L0LFleCqrJWQgMXMZU6bF+guYrV01CGBczzvHwz4bxgT+zA2k/wW6/QTYlG
IjvnWwOe+pYuBVX1/cx77iguvU4FNRG+tXC8rqhYsLjF5fpuDbDUQv9DCfDoYmkK
SStYWyAH/8eLlKZprMbJUsa494MedFWyqdRCuiIxMykUVBz30rfHlcZXp1aXDz0k
9gUg+3GZQbcc4FKQG2znw5z4o4AHnqsfeffljph6Oqx9Y9/0iV1H080J5uE90xhl
fDlsu/rG3Aw0NzIlka8eBIKr9fSdkEKwti3FDu6/Hd+ihStWL/0=
=jvyO
-----END PGP SIGNATURE-----


L
L
Léo Le Bouter wrote on 9 Apr 2021 03:16
(address . 47140-done@debbugs.gnu.org)
5d2864e3ee90af06e3abc6e7899fa80de0b72ded.camel@zaclys.net
Fixed by 2b605ef3b145ec136530f08ee7aa27382aa64b46
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmBvqtsACgkQRaix6GvN
EKa1Cw//d68L/ApbojqQHLvSDo5FrQPnkmFY9LnWB07qx1j68sJwUW9OYYtDcA4w
h1wFdm0/8u/Lj4gifo+aW0Cxm27BzCpf+QRRp2XSRkKQh8nWR8l/LUzVN65obSA6
iJlaV7o5w9f12GI44UxyT8pYTq5qJdaSowmsdwpPvQ/9iKj0Kx2PqT20Nr6XRdsP
sy/Y3y/c31SArwA8B9UDbMi3Ye/vgOSMv32aZOsRixAImkxPqzYq/PaKq463Jg5V
ErNjDM0fsQUFb8QzHQr9B9LXpUzWaHAC31/fFcaKidThPD8s8SUUY8FtZ5Jc6eTW
sDxXLZTcrMAno0Lh91K+H9bIZ39VZyZWJ88gzvo4JaydbCuaq9xms1CkwRcY0QSb
Jq2Lcj95cdqXeiUfEYFDBGcCHV/wVwfTAxHkblqbjbDS1IHKZYR4B/5PYYh6prTn
srBzPs1fn+xqDj2EzCs2JIMe82aZRQgUitCq64oMH9UPcLM7wS9bJ1JFUMyMU5il
FP0evjwoQo4jJ0Tbj3fYmUn7C/VCm0Xv9xumlcgbxNL7fJZNsAmZdSaFA40Hfhqa
pDBRz0vpFqTurGv/AbBrRM0asHzp2mRPhh1Z2GIZ9jL5EtgDTfp0EAMDZsgbeUN1
dp6mURYr43y6gD4JbokNBbfYEoaacREZeXKqCoKXHScx3U3EYI4=
=epMm
-----END PGP SIGNATURE-----


Closed
?
Your comment

This issue is archived.

To comment on this conversation send email to 47140@debbugs.gnu.org