[ASA-202012-15] minidlna: arbitrary code execution
Arch Linux Security Advisory ASA-202012-15
==========================================

Severity: High
Date    : 2020-12-09
CVE-ID  : CVE-2020-28926
Package : minidlna
Type    : arbitrary code execution
Remote  : Yes
Link    :

Summary
=======

The package minidlna before version 1.3.0-1 is vulnerable to arbitrary code
execution.

Resolution
==========

Upgrade to 1.3.0-1.

# pacman -Syu "minidlna>=1.3.0-1"

The problem has been fixed upstream in version 1.3.0.

Workaround
==========

None.

Description
===========

ReadyMedia (aka MiniDLNA) before version 1.3.0 allows remote code execution.
Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP
chunked encoding can lead to a signedness bug resulting in a buffer overflow
in calls to memcpy/memmove.

Impact
======

An attacker on the local network can execute arbitrary code via a malicious
UPnP HTTP request.

References
==========
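The bug class named in the Description, a signed chunk length reaching memcpy/memmove, illustrated with an added example in C that is not ReadyMedia's code: a hypothetical chunk-size parser (parse_chunk_size, copy_chunk are assumed names) that keeps the length unsigned and bounds it against both the received bytes and the destination capacity before copying.

```c
#include <ctype.h>
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Result codes for the hypothetical chunk-size parser (not ReadyMedia's own code). */
enum chunk_status { CHUNK_OK = 0, CHUNK_BAD_SYNTAX = -1, CHUNK_TOO_LARGE = -2 };

/* Parse the hex size line of an HTTP chunked body ("1a\r\n" or "1a;ext\r\n").
 * Succeeds only if the value is well-formed and does not exceed the bytes still
 * present in the receive buffer. The size stays unsigned end to end, so a
 * negative or wrapped value can never reach memcpy/memmove. */
enum chunk_status parse_chunk_size(const char *line, size_t remaining, size_t *out)
{
    /* strtoull silently accepts a leading sign and whitespace; refuse both. */
    if (!isxdigit((unsigned char)line[0]))
        return CHUNK_BAD_SYNTAX;
    errno = 0;
    char *end = NULL;
    unsigned long long v = strtoull(line, &end, 16);
    if (errno == ERANGE || end == line)
        return CHUNK_BAD_SYNTAX;
    /* Only a chunk extension (';') or the line terminator may follow the digits. */
    if (*end != ';' && *end != '\r' && *end != '\n')
        return CHUNK_BAD_SYNTAX;
    /* remaining is a size_t, so this also rejects anything that would not fit. */
    if (v > remaining)
        return CHUNK_TOO_LARGE;
    *out = (size_t)v;
    return CHUNK_OK;
}

/* Copy one chunk's payload into dst only after the size has been checked against
 * both the destination capacity and the source bytes actually received. */
enum chunk_status copy_chunk(char *dst, size_t dst_cap, const char *src,
                             size_t src_len, const char *size_line)
{
    size_t n = 0;
    enum chunk_status st = parse_chunk_size(size_line, src_len, &n);
    if (st != CHUNK_OK)
        return st;
    if (n > dst_cap)
        return CHUNK_TOO_LARGE;
    memcpy(dst, src, n);
    return CHUNK_OK;
}
```

A chunk size of "0" is accepted as the terminating chunk; a signed size, an out-of-range value, or a size larger than either buffer is refused before any copy happens.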