-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:014 http://www.mandriva.com/security/ _______________________________________________________________________ Package : transmission Date : January 18, 2010 Affected: 2010.0 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in transmission: Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file (CVE-2010-0012). The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0012 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.0: 738aa566fc34d94d59d0cf4ac042169b 2010.0/i586/transmission-cli-1.75-1.1mdv2010.0.i586.rpm f29ffbfdee26858eb1893c68cdbdc261 2010.0/i586/transmission-common-1.75-1.1mdv2010.0.i586.rpm 1b9872a0f318341b8761fe51f3d0d960 2010.0/i586/transmission-daemon-1.75-1.1mdv2010.0.i586.rpm 86cf5dd8e00c0e7c625c4868fd2972ad 2010.0/i586/transmission-gtk-1.75-1.1mdv2010.0.i586.rpm 130b5449138e32ae792c47079e4061ad 2010.0/i586/transmission-qt4-1.75-1.1mdv2010.0.i586.rpm f4be871d846933754abc95a4b97eab58 2010.0/SRPMS/transmission-1.75-1.1mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: f394d7bb58be0154527cb2c832bd12fe 2010.0/x86_64/transmission-cli-1.75-1.1mdv2010.0.x86_64.rpm 3c10c635515610c83968a81d1cf0999d 2010.0/x86_64/transmission-common-1.75-1.1mdv2010.0.x86_64.rpm 8b089091efa0b107c175a463e78a3eac 2010.0/x86_64/transmission-daemon-1.75-1.1mdv2010.0.x86_64.rpm 32b6e112d0aab849cd11285a262e863b 2010.0/x86_64/transmission-gtk-1.75-1.1mdv2010.0.x86_64.rpm 39bfff043c3940062873d0cbc6e488ba 2010.0/x86_64/transmission-qt4-1.75-1.1mdv2010.0.x86_64.rpm f4be871d846933754abc95a4b97eab58 2010.0/SRPMS/transmission-1.75-1.1mdv2010.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLVIZ+mqjQ0CJFipgRAqneAJwLiNQmeaSvbKrqDSjcMleMq6+/iACfb2bX FbJxrHaL0dB7MHytRnDoOyE= =LVot -----END PGP SIGNATURE-----