Red Hat Product Errata RHSA-2021:2422 - Security Advisory
Issued:
2021-06-14
Updated:
2021-06-14

RHSA-2021:2422 - Security Advisory

Synopsis

Important: gupnp security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for gupnp is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible.

Security Fix(es):

  • gupnp: allows DNS rebinding which could result in tricking browser into triggering actions against local UPnP services (CVE-2021-33516)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.2 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.2 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.2 ppc64le
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.2 s390x
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.2 aarch64

Fixes

  • BZ - 1964091 - CVE-2021-33516 gupnp: allows DNS rebinding which could result in tricking browser into triggering actions against local UPnP services

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2

SRPM
gupnp-1.0.3-3.el8_2.src.rpm SHA-256: cacdbd8451af56adb71b58033296df35a0b3e5c49d0299bc45c7ad871c8fc7e9
x86_64
gupnp-1.0.3-3.el8_2.i686.rpm SHA-256: d64a045dc804a4e589516a7fc6e89fb5db82a7b2492c94bd5287b6e3af013fdf
gupnp-1.0.3-3.el8_2.x86_64.rpm SHA-256: bd83b83da0ab846662968643929811dd08d8f31f1beaa79181312d698bd7a53e
gupnp-debuginfo-1.0.3-3.el8_2.i686.rpm SHA-256: 78d9c1ac650375dc871c40f33356f37b8829d0d10c755744d73f98e792ccceb1
gupnp-debuginfo-1.0.3-3.el8_2.x86_64.rpm SHA-256: 54646920ae956e14d936d60003431daa870a7d340f5d7b0e083303f8d025ab52
gupnp-debugsource-1.0.3-3.el8_2.i686.rpm SHA-256: 981f2a14126b774abedb352467ffa9eea33b7ad4d9b2a31e6b69f085b9a80edb
gupnp-debugsource-1.0.3-3.el8_2.x86_64.rpm SHA-256: 7fa0278ea1a412cd658f5636ef0e16545eba90d8a4b80c2c4691930780ed0b61

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
gupnp-1.0.3-3.el8_2.src.rpm SHA-256: cacdbd8451af56adb71b58033296df35a0b3e5c49d0299bc45c7ad871c8fc7e9
x86_64
gupnp-1.0.3-3.el8_2.i686.rpm SHA-256: d64a045dc804a4e589516a7fc6e89fb5db82a7b2492c94bd5287b6e3af013fdf
gupnp-1.0.3-3.el8_2.x86_64.rpm SHA-256: bd83b83da0ab846662968643929811dd08d8f31f1beaa79181312d698bd7a53e
gupnp-debuginfo-1.0.3-3.el8_2.i686.rpm SHA-256: 78d9c1ac650375dc871c40f33356f37b8829d0d10c755744d73f98e792ccceb1
gupnp-debuginfo-1.0.3-3.el8_2.x86_64.rpm SHA-256: 54646920ae956e14d936d60003431daa870a7d340f5d7b0e083303f8d025ab52
gupnp-debugsource-1.0.3-3.el8_2.i686.rpm SHA-256: 981f2a14126b774abedb352467ffa9eea33b7ad4d9b2a31e6b69f085b9a80edb
gupnp-debugsource-1.0.3-3.el8_2.x86_64.rpm SHA-256: 7fa0278ea1a412cd658f5636ef0e16545eba90d8a4b80c2c4691930780ed0b61

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2

SRPM
gupnp-1.0.3-3.el8_2.src.rpm SHA-256: cacdbd8451af56adb71b58033296df35a0b3e5c49d0299bc45c7ad871c8fc7e9
s390x
gupnp-1.0.3-3.el8_2.s390x.rpm SHA-256: b48a727092f17eb23981ff92f1679fec0692dfcb60b636b3c1d168e421028d11
gupnp-debuginfo-1.0.3-3.el8_2.s390x.rpm SHA-256: 22a99b65cba5e96c4ae18956f9b4bf149d8f85c30865b9f30392a66322dca993
gupnp-debugsource-1.0.3-3.el8_2.s390x.rpm SHA-256: b1179cedb99d2c77d54302e2e7ea2613fd711550867f5d0465b0209edae23030

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2

SRPM
gupnp-1.0.3-3.el8_2.src.rpm SHA-256: cacdbd8451af56adb71b58033296df35a0b3e5c49d0299bc45c7ad871c8fc7e9
ppc64le
gupnp-1.0.3-3.el8_2.ppc64le.rpm SHA-256: 05be7cb69fcd2a5b793d575739f4512b022855146f2c9039e63bcf7cfb8543a7
gupnp-debuginfo-1.0.3-3.el8_2.ppc64le.rpm SHA-256: cb4703cac67517c1a4632f2e171a1d88963b7ea1ffc0551cec3fb66655d4e1b0
gupnp-debugsource-1.0.3-3.el8_2.ppc64le.rpm SHA-256: f7e755c4debe09abae2ad3d54291f991ff501ed2f72d9cb0e35be19e3dba384f

Red Hat Enterprise Linux Server - TUS 8.2

SRPM
gupnp-1.0.3-3.el8_2.src.rpm SHA-256: cacdbd8451af56adb71b58033296df35a0b3e5c49d0299bc45c7ad871c8fc7e9
x86_64
gupnp-1.0.3-3.el8_2.i686.rpm SHA-256: d64a045dc804a4e589516a7fc6e89fb5db82a7b2492c94bd5287b6e3af013fdf
gupnp-1.0.3-3.el8_2.x86_64.rpm SHA-256: bd83b83da0ab846662968643929811dd08d8f31f1beaa79181312d698bd7a53e
gupnp-debuginfo-1.0.3-3.el8_2.i686.rpm SHA-256: 78d9c1ac650375dc871c40f33356f37b8829d0d10c755744d73f98e792ccceb1
gupnp-debuginfo-1.0.3-3.el8_2.x86_64.rpm SHA-256: 54646920ae956e14d936d60003431daa870a7d340f5d7b0e083303f8d025ab52
gupnp-debugsource-1.0.3-3.el8_2.i686.rpm SHA-256: 981f2a14126b774abedb352467ffa9eea33b7ad4d9b2a31e6b69f085b9a80edb
gupnp-debugsource-1.0.3-3.el8_2.x86_64.rpm SHA-256: 7fa0278ea1a412cd658f5636ef0e16545eba90d8a4b80c2c4691930780ed0b61

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2

SRPM
gupnp-1.0.3-3.el8_2.src.rpm SHA-256: cacdbd8451af56adb71b58033296df35a0b3e5c49d0299bc45c7ad871c8fc7e9
aarch64
gupnp-1.0.3-3.el8_2.aarch64.rpm SHA-256: 60b4f62caae07e2f49de314aed15ae2ef78d0faed40e1f21ff893160d51d7511
gupnp-debuginfo-1.0.3-3.el8_2.aarch64.rpm SHA-256: 54c57ed4c2f35669cdaee58f0f3f7eebcbccc699d12625720c16617a29707d96
gupnp-debugsource-1.0.3-3.el8_2.aarch64.rpm SHA-256: 5a169dcd90ab620651f43065581d75e77ef4f01fd866d9f746f97ae279c5a42f

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2

SRPM
gupnp-1.0.3-3.el8_2.src.rpm SHA-256: cacdbd8451af56adb71b58033296df35a0b3e5c49d0299bc45c7ad871c8fc7e9
ppc64le
gupnp-1.0.3-3.el8_2.ppc64le.rpm SHA-256: 05be7cb69fcd2a5b793d575739f4512b022855146f2c9039e63bcf7cfb8543a7
gupnp-debuginfo-1.0.3-3.el8_2.ppc64le.rpm SHA-256: cb4703cac67517c1a4632f2e171a1d88963b7ea1ffc0551cec3fb66655d4e1b0
gupnp-debugsource-1.0.3-3.el8_2.ppc64le.rpm SHA-256: f7e755c4debe09abae2ad3d54291f991ff501ed2f72d9cb0e35be19e3dba384f

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2

SRPM
gupnp-1.0.3-3.el8_2.src.rpm SHA-256: cacdbd8451af56adb71b58033296df35a0b3e5c49d0299bc45c7ad871c8fc7e9
x86_64
gupnp-1.0.3-3.el8_2.i686.rpm SHA-256: d64a045dc804a4e589516a7fc6e89fb5db82a7b2492c94bd5287b6e3af013fdf
gupnp-1.0.3-3.el8_2.x86_64.rpm SHA-256: bd83b83da0ab846662968643929811dd08d8f31f1beaa79181312d698bd7a53e
gupnp-debuginfo-1.0.3-3.el8_2.i686.rpm SHA-256: 78d9c1ac650375dc871c40f33356f37b8829d0d10c755744d73f98e792ccceb1
gupnp-debuginfo-1.0.3-3.el8_2.x86_64.rpm SHA-256: 54646920ae956e14d936d60003431daa870a7d340f5d7b0e083303f8d025ab52
gupnp-debugsource-1.0.3-3.el8_2.i686.rpm SHA-256: 981f2a14126b774abedb352467ffa9eea33b7ad4d9b2a31e6b69f085b9a80edb
gupnp-debugsource-1.0.3-3.el8_2.x86_64.rpm SHA-256: 7fa0278ea1a412cd658f5636ef0e16545eba90d8a4b80c2c4691930780ed0b61

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.2

SRPM
x86_64
gupnp-debuginfo-1.0.3-3.el8_2.i686.rpm SHA-256: 78d9c1ac650375dc871c40f33356f37b8829d0d10c755744d73f98e792ccceb1
gupnp-debuginfo-1.0.3-3.el8_2.x86_64.rpm SHA-256: 54646920ae956e14d936d60003431daa870a7d340f5d7b0e083303f8d025ab52
gupnp-debugsource-1.0.3-3.el8_2.i686.rpm SHA-256: 981f2a14126b774abedb352467ffa9eea33b7ad4d9b2a31e6b69f085b9a80edb
gupnp-debugsource-1.0.3-3.el8_2.x86_64.rpm SHA-256: 7fa0278ea1a412cd658f5636ef0e16545eba90d8a4b80c2c4691930780ed0b61
gupnp-devel-1.0.3-3.el8_2.i686.rpm SHA-256: 916e7826ff10d865a0455ab1023756a0cc3c803fc2e6c29d40c778aa799ea10c
gupnp-devel-1.0.3-3.el8_2.x86_64.rpm SHA-256: 55eff1abe105c2354bb73cd4f778b8bb454a3cd06d99d32cb2db670b7ded6d44

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.2

SRPM
ppc64le
gupnp-debuginfo-1.0.3-3.el8_2.ppc64le.rpm SHA-256: cb4703cac67517c1a4632f2e171a1d88963b7ea1ffc0551cec3fb66655d4e1b0
gupnp-debugsource-1.0.3-3.el8_2.ppc64le.rpm SHA-256: f7e755c4debe09abae2ad3d54291f991ff501ed2f72d9cb0e35be19e3dba384f
gupnp-devel-1.0.3-3.el8_2.ppc64le.rpm SHA-256: 9164048bc7bb71c965e0a5c7074d2e3cc672f042f7f9f0f6e1373210257dbf66

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.2

SRPM
s390x
gupnp-debuginfo-1.0.3-3.el8_2.s390x.rpm SHA-256: 22a99b65cba5e96c4ae18956f9b4bf149d8f85c30865b9f30392a66322dca993
gupnp-debugsource-1.0.3-3.el8_2.s390x.rpm SHA-256: b1179cedb99d2c77d54302e2e7ea2613fd711550867f5d0465b0209edae23030
gupnp-devel-1.0.3-3.el8_2.s390x.rpm SHA-256: 473c29ec1456c4c86683cf613ffb14132d3c5e7375c99e9f77c3f94a557f7156

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.2

SRPM
aarch64
gupnp-debuginfo-1.0.3-3.el8_2.aarch64.rpm SHA-256: 54c57ed4c2f35669cdaee58f0f3f7eebcbccc699d12625720c16617a29707d96
gupnp-debugsource-1.0.3-3.el8_2.aarch64.rpm SHA-256: 5a169dcd90ab620651f43065581d75e77ef4f01fd866d9f746f97ae279c5a42f
gupnp-devel-1.0.3-3.el8_2.aarch64.rpm SHA-256: 7af150c62735b4383d5adc58015384f49ff1c09f2a68de3d43dca107067a9c2e

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.