========================================================================== Ubuntu Security Notice USN-4542-1 September 25, 2020 miniupnpd vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Several security issues were fixed in MiniUPnPd. Software Description: - miniupnpd: UPnP and NAT-PMP daemon for gateway routers Details: It was discovered that MiniUPnPd did not properly validate callback addresses. A remote attacker could possibly use this issue to expose sensitive information. (CVE-2019-12107) It was discovered that MiniUPnPd incorrectly handled unpopulated user XML input. An attacker could possibly use this issue to cause MiniUPnPd to crash, resulting in a denial of service. (CVE-2019-12108, CVE-2019-12109) It was discovered that MiniUPnPd incorrectly handled an empty description when port mapping. An attacker could possibly use this issue to cause MiniUPnPd to crash, resulting in a denial of service. (CVE-2019-12110) It was discovered that MiniUPnPd did not properly parse certain PCP requests. An attacker could possibly use this issue to cause MiniUPnPd to crash, resulting in a denial of service. (CVE-2019-12111) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: miniupnpd 1.8.20140523-4.1+deb9u2build0.16.04.1 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4542-1 CVE-2019-12107, CVE-2019-12108, CVE-2019-12109, CVE-2019-12110, CVE-2019-12111 Package Information: https://launchpad.net/ubuntu/+source/miniupnpd/1.8.20140523-4.1+deb9u2build0.16.04.1