An update for libupnp is now available for openEuler-20.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2021-1142 Final 1.0 1.0 2021-04-07 Initial 2021-04-07 2021-04-07 openEuler SA Tool V1.0 2021-04-07 libupnp security update An update for libupnp is now available for openEuler-20.03-LTS-SP1. The Universal Plug and Play (UPnP) SDK for Linux provides support for building UPnP-compliant control points, devices, and bridges on Linux. Security Fix(es): Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.(CVE-2020-13848) An update for libupnp is now available for openEuler-20.03-LTS-SP1. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High libupnp https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1142 https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-13848 https://nvd.nist.gov/vuln/detail/CVE-2020-13848 openEuler-20.03-LTS-SP1 libupnp-1.8.4-3.oe1.aarch64.rpm libupnp-debuginfo-1.8.4-3.oe1.aarch64.rpm libupnp-debugsource-1.8.4-3.oe1.aarch64.rpm libupnp-debugsource-1.8.4-3.oe1.aarch64.rpm libupnp-1.8.4-3.oe1.src.rpm libupnp-1.8.4-3.oe1.x86_64.rpm libupnp-debuginfo-1.8.4-3.oe1.x86_64.rpm libupnp-debugsource-1.8.4-3.oe1.x86_64.rpm libupnp-debugsource-1.8.4-3.oe1.x86_64.rpm Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c. 2021-04-07 CVE-2020-13848 openEuler-20.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H libupnp security update 2021-04-07 https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1142