An exploitable buffer overflow vulnerability exists in the XML parser functionality of the MiniUPnP library. A specially crafted XML response can lead to a buffer overflow on the stack resulting in remote code execution. An attacker can set up a server on the local network to trigger this vulnerability.
AFAIS this is fixed since net-libs/miniupnpc-1.9.20150917-r1, so we need to stabilize this or backport it to 1.8; see https://github.com/miniupnp/miniupnp/commit/2f5cc790339cf69871162dcf535c1c5f08b836be. Can we get a statement from the maintainer?
$ git tag --contains 2f5cc790339cf69871162dcf535c1c5f08b836be | sort
minissdpd_1_5
miniupnpc_2_0
miniupnpd_2_0

@ Maintainer(s): Please bump to >=net-libs/miniupnpc-2.0 (https://github.com/miniupnp/miniupnp/releases/tag/miniupnpc_2_0).
current status in tree:

Keywords for net-libs/miniupnpc:
             |                                 |   u      |
             | a a         p   a     n r     s |   n      |
             | l m   h i   p   r m m i i s   p | e u s    | r
             | p d a p a p c x m i 6 o s 3   a | a s l    | e
             | h 6 r p 6 p 6 8 6 p 8 s c 9 s r | p e o    | p
             | a 4 m a 4 c 4 6 4 s k 2 v 0 h c | i d t    | o
-------------+---------------------------------+----------+-------
         1.8 | o + + + o + + + o ~ o o o o o + | 5 o 0    | gentoo
-------------+---------------------------------+----------+-------
1.9.20151008 | o + + + o + + + o ~ o o o o o + | 5 o 0/14 | gentoo
-------------+---------------------------------+----------+-------
2.0.20161216 | o ~ ~ ~ o ~ ~ ~ o ~ o o o o o ~ | 6 # 0/16 | gentoo
2.0.20170509 | o + + ~ o + + + ~ ~ o o o o o + | 6 o      | gentoo

Gentoo Security Padawan ChrisADR
hppa arch please stabilize.
hppa stable
All arches stabilized, maintainer(s), please clean up, thank you!
Gentoo Security Padawan (Jmbailey/mbailey_j)
It was cleaned Jan 2 already:

Keywords for net-libs/miniupnpc:
                |                                 |   u      |
                | a a         p   a     n r     s |   n      |
                | l m   h i   p   r m m i i s   p | e u s    | r
                | p d a p a p c x m i 6 o s 3   a | a s l    | e
                | h 6 r p 6 p 6 8 6 p 8 s c 9 s r | p e o    | p
                | a 4 m a 4 c 4 6 4 s k 2 v 0 h c | i d t    | o
----------------+---------------------------------+----------+-------
   2.0.20170509 | o + + + o + + + ~ ~ o o o o o + | 6 o 0/16 | gentoo
[I]2.0.20171212 | o ~ ~ ~ o ~ ~ ~ ~ ~ o o o o o ~ | 6 o      | gentoo
GLSA request has already been filed.
This issue was resolved and addressed in GLSA 201801-08 at https://security.gentoo.org/glsa/201801-08 by GLSA coordinator Aaron Bauman (b-man).