Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2012-5963

Publication date 31 January 2013

Last updated 24 July 2024


Ubuntu priority

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long UDN (aka uuid) field within a string that lacks a :: (colon colon) in a UDP packet.

Status

Package Ubuntu Release Status
libupnp 13.10 saucy
Not affected
13.04 raring
Not affected
12.10 quantal
Fixed 1.6.17-1.1ubuntu0.12.10.1
12.04 LTS precise
Fixed 1:1.6.6-5.1ubuntu0.12.04.1
11.10 oneiric
Fixed 1:1.6.6-5.1ubuntu0.11.10.1
10.04 LTS lucid
Fixed 1:1.6.6-4ubuntu0.1
8.04 LTS hardy Ignored end of life
libupnp4 13.10 saucy
Not affected
13.04 raring
Not affected
12.10 quantal
Fixed 1.8.0~svn20100507-1.1ubuntu0.12.10.1
12.04 LTS precise
Fixed 1.8.0~svn20100507-1.1ubuntu0.12.04.1
11.10 oneiric
Fixed 1.8.0~svn20100507-1.1ubuntu0.11.10.1
10.04 LTS lucid Ignored end of life
8.04 LTS hardy Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
libupnp
libupnp4