Bugzilla – Bug 989948
VUL-0: CVE-2016-6255 libupnp: Unhandled POSTs can write to the filesystem by default
Last modified: 2017-06-05 01:09:31 UTC
A vulnerability was found in libupnp. If there's no registered handler for a POST request, the default behaviour is to write it to the filesyste. This allows attacker to store arbitrary data on deployed devices.
bugbot adjusting priority
Submitted version update to 1.6.21, should be binary compatible.
This is an autogenerated message for OBS integration:
This bug (989948) was mentioned in
https://build.opensuse.org/request/show/498521 42.2 / libupnp
openSUSE-SU-2017:1485-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1006256,898167,989948
CVE References: CVE-2016-6255,CVE-2016-8863
openSUSE Leap 42.2 (src): libupnp-1.6.21-4.3.1