USN-4722-1: ReadyMedia (MiniDLNA) vulnerabilities
4 February 2021
ReadyMedia (MiniDLNA) could be made to crash if it received specially crafted input.
Releases
Packages
- minidlna - lightweight DLNA/UPnP-AV server targeted at embedded systems
Details
It was discovered that ReadyMedia (MiniDLNA) allowed subscription requests with
a delivery URL on a different network segment than the fully qualified event-
subscription URL. An attacker could use this to hijack smart devices and cause
denial of service attacks. (CVE-2020-12695)
It was discovered that ReadyMedia (MiniDLNA) allowed remote code execution.
A remote attacker could send a malicious UPnP HTTP request to the service
using HTTP chunked encoding and cause a denial of service.
(CVE-2020-28926)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10
Ubuntu 20.04
Ubuntu 18.04
Ubuntu 16.04
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-4494-1: libgupnp-1.2-dev, gupnp, libgupnp-doc, gir1.2-gupnp-1.2, libgupnp-1.2-0
- USN-4734-1: wpasupplicant, wpagui, wpa, wpasupplicant-udeb, hostapd
- USN-4734-2: wpasupplicant, wpagui, wpa, wpasupplicant-udeb, hostapd