A heap buffer overflow vulnerability was found in libupnp. This vulnerability might allow for a wide range of impacts, from denial of service to remote code execution. Upstream bug: https://sourceforge.net/p/pupnp/bugs/133/ CVE assignment: http://seclists.org/oss-sec/2016/q4/200
Created libupnp tracking bugs for this issue: Affects: fedora-all [bug 1388773] Affects: epel-7 [bug 1388774]
libupnp 1.6.21 is out, which fixes this issue among others: http://pupnp.sourceforge.net/ChangeLog
Ping?
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.