[Slackbuilds-users] libupnp security issue

Thomas Morper thomas at beingboiled.info
Mon Jul 10 21:55:06 UTC 2017


Hello there,

The SlackBuild for libupnp hasn't been updated for more than five years, 
omitting several security fixes and leaving the resulting package 
vulnerable to CVE-2016-6255:

  »Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers
  to write to arbitrary files in the webroot via a POST request without a
  registered handler.«

This build should propably get an upgrade (and a new maintainer).

-- 


More information about the SlackBuilds-users mailing list