[ MDVSA-2010:014 ] transmission

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:014
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : transmission
 Date    : January 18, 2010
 Affected: 2010.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in transmission:
 
 Directory traversal vulnerability in libtransmission/metainfo.c in
 Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to
 overwrite arbitrary files via a .. (dot dot) in a pathname within a
 .torrent file (CVE-2010-0012).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0012
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.0:
 738aa566fc34d94d59d0cf4ac042169b  2010.0/i586/transmission-cli-1.75-1.1mdv2010.0.i586.rpm
 f29ffbfdee26858eb1893c68cdbdc261  2010.0/i586/transmission-common-1.75-1.1mdv2010.0.i586.rpm
 1b9872a0f318341b8761fe51f3d0d960  2010.0/i586/transmission-daemon-1.75-1.1mdv2010.0.i586.rpm
 86cf5dd8e00c0e7c625c4868fd2972ad  2010.0/i586/transmission-gtk-1.75-1.1mdv2010.0.i586.rpm
 130b5449138e32ae792c47079e4061ad  2010.0/i586/transmission-qt4-1.75-1.1mdv2010.0.i586.rpm 
 f4be871d846933754abc95a4b97eab58  2010.0/SRPMS/transmission-1.75-1.1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 f394d7bb58be0154527cb2c832bd12fe  2010.0/x86_64/transmission-cli-1.75-1.1mdv2010.0.x86_64.rpm
 3c10c635515610c83968a81d1cf0999d  2010.0/x86_64/transmission-common-1.75-1.1mdv2010.0.x86_64.rpm
 8b089091efa0b107c175a463e78a3eac  2010.0/x86_64/transmission-daemon-1.75-1.1mdv2010.0.x86_64.rpm
 32b6e112d0aab849cd11285a262e863b  2010.0/x86_64/transmission-gtk-1.75-1.1mdv2010.0.x86_64.rpm
 39bfff043c3940062873d0cbc6e488ba  2010.0/x86_64/transmission-qt4-1.75-1.1mdv2010.0.x86_64.rpm 
 f4be871d846933754abc95a4b97eab58  2010.0/SRPMS/transmission-1.75-1.1mdv2010.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLVIZ+mqjQ0CJFipgRAqneAJwLiNQmeaSvbKrqDSjcMleMq6+/iACfb2bX
FbJxrHaL0dB7MHytRnDoOyE=
=LVot
-----END PGP SIGNATURE-----


[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux