Alibaba Cloud Linux 2.1903 Security Advisory: ALINUX2-SA-2021:0040
Issued: 2021-06-15
Updated: 2021-06-15
Summary
gupnp security update
Severity
Important
Description
Package updates are available for Alibaba Cloud Linux 2.1903 that fix the following vulnerabilities:
CVE-2021-33516:
An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc.
References
Updated Packages
- aarch64
- gupnp-1.0.2-6.1.al7.aarch64.rpm → (download)
- gupnp-debuginfo-1.0.2-6.1.al7.aarch64.rpm → (download)
- gupnp-devel-1.0.2-6.1.al7.aarch64.rpm → (download)
- i686
- gupnp-1.0.2-6.1.al7.i686.rpm → (download)
- gupnp-debuginfo-1.0.2-6.1.al7.i686.rpm → (download)
- gupnp-devel-1.0.2-6.1.al7.i686.rpm → (download)
- src
- gupnp-1.0.2-6.1.al7.src.rpm → (download)
- x86_64
- gupnp-1.0.2-6.1.al7.x86_64.rpm → (download)
- gupnp-debuginfo-1.0.2-6.1.al7.x86_64.rpm → (download)
- gupnp-devel-1.0.2-6.1.al7.x86_64.rpm → (download)
- noarch
- gupnp-docs-1.0.2-6.1.al7.noarch.rpm → (download)