USN-4722-1: ReadyMedia (MiniDLNA) vulnerabilities
4 February 2021
ReadyMedia (MiniDLNA) could be made to crash if it received specially crafted input.
- minidlna - lightweight DLNA/UPnP-AV server targeted at embedded systems
It was discovered that ReadyMedia (MiniDLNA) allowed subscription requests with
a delivery URL on a different network segment than the fully qualified event-
subscription URL. An attacker could use this to hijack smart devices and cause
denial of service attacks. (CVE-2020-12695)
It was discovered that ReadyMedia (MiniDLNA) allowed remote code execution.
A remote attacker could send a malicious UPnP HTTP request to the service
using HTTP chunked encoding and cause a denial of service.
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.