ALT-PU-2022-4381-1
Package minidlna updated to version 1.3.1-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
Published: 2022-03-06
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2022-26505
A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files.
Severity: HIGH (7.4)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
References:
- [oss-security] 20220306 Re: DNS rebinding on ReadyMedia/minidlna v1.3.0 and below
- [oss-security] 20220306 Re: DNS rebinding on ReadyMedia/minidlna v1.3.0 and below
- [debian-lts-announce] 20220409 [SECURITY] [DLA 2973-1] minidlna security update
- [debian-lts-announce] 20220409 [SECURITY] [DLA 2973-1] minidlna security update
- GLSA-202311-12
- GLSA-202311-12
- https://sourceforge.net/p/minidlna/git/ci/c21208508dbc131712281ec5340687e5ae89e940/
- https://sourceforge.net/p/minidlna/git/ci/c21208508dbc131712281ec5340687e5ae89e940/
- https://www.openwall.com/lists/oss-security/2022/03/03/1
- https://www.openwall.com/lists/oss-security/2022/03/03/1