[Slackbuilds-users] libupnp security issue
Thomas Morper
thomas at beingboiled.info
Mon Jul 10 21:55:06 UTC 2017
Hello there,
The SlackBuild for libupnp hasn't been updated for more than five years,
omitting several security fixes and leaving the resulting package
vulnerable to CVE-2016-6255:
»Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers
to write to arbitrary files in the webroot via a POST request without a
registered handler.«
This build should propably get an upgrade (and a new maintainer).
--
More information about the SlackBuilds-users
mailing list