• [SECURITY] [DSA 5434-1] minidlna security update

    From Salvatore Bonaccorso@21:1/5 to All on Wed Jun 21 16:00:02 2023
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5434-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso
    June 21, 2023 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : minidlna
    CVE ID : CVE-2023-33476
    Debian Bug : 1037052

    A heap-based buffer overflow vulnerability was found in the HTTP chunk
    parsing code of minidlna, a lightweight DLNA/UPnP-AV server, which may
    result in denial of service or the execution of arbitrary code.

    For the oldstable distribution (bullseye), this problem has been fixed
    in version 1.3.0+dfsg-2+deb11u2.

    For the stable distribution (bookworm), this problem has been fixed in
    version 1.3.0+dfsg-2.2+deb12u1.

    We recommend that you upgrade your minidlna packages.

    For the detailed security status of minidlna please refer to its
    security tracker page at:
    https://security-tracker.debian.org/tracker/minidlna

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmSS/7tfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TzDA//ZBIbt2df3MU96n7Aef5oAYAmssjm1OPj1jUn1R3GNzj5fzHjvJWrY7yI UtsWrJd6UpImAuPrNCLL5F0HQ4AWsEVVHac/GpjWgeaHv4NwGXhPBBABujJ46hBA nhenlk6ROqc750G1Lj9cP9UvLOqGvhJzDH/aeCiuJh6nRxU8aRm/Wg2lFFy/3M6T mwgTfZ0VZlIX2raAFZyA4P3a63eVv0iaiEUM7Cu/Fva3N3jmOyqueMziPPPbOPDZ /4kpHv6STdFX1VkMdQ0ZGwW4sRneWUeBIHdO1iVHlQqHtzymC9hZgpNiRG+jxLjF jY5n2cOcF5RLoFILkNeKXyYziUX3syvPEKLH14kxk3hFdhTxx9E140URAaBr7X/m 72caxOh5MY4b4CzWnDmxYB8uuAjLSaeKudm1ABq8GFIBYhIxhdjtpO1MgyWoziZ1 AOsr8r9NqhmaFSVCZ88ajsn1hK+zv2HKeFoiDQfuFS1Gn0yykunt348eyHIltBYf rnMIB9xQtmzEA3yRakiKzEWfzzwm4pdkEGbckCoOxDmptT5zKX95qX5GnlFaflXN 92cY0O5IR9IM2WuPYF0yX7EniCJxTQO+R3Sy/dkU/tNEn4riKql2WIttHd0c7jJN NGi07tm/TAx7X+tkhcp7KBNubyUVvHKctnEKsX/LgM1Jv60/3R8=
    =gHmj
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)