GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Tue Jun 01, 2010 9:26 pm Post subject: [ GLSA 201006-06 ] Transmission: Multiple vulnerabilities |
|
|
Gentoo Linux Security Advisory
Title: Transmission: Multiple vulnerabilities (GLSA 201006-06)
Severity: normal
Exploitable: remote
Date: June 01, 2010
Bug(s): #309831
ID: 201006-06
Synopsis
Stack-based buffer overflows in Transmission may allow for remote execution
of arbitrary code.
Background
Transmission is a cross-platform BitTorrent client.
Affected Packages
Package: net-p2p/transmission
Vulnerable: < 1.92
Unaffected: >= 1.92
Architectures: All supported architectures
Description
Multiple stack-based buffer overflows in the tr_magnetParse() function
in libtransmission/magnet.c have been discovered.
Impact
A remote attacker could cause a Denial of Service or possibly execute
arbitrary code via a crafted magnet URL with a large number of tr or ws
links.
Workaround
There is no known workaround at this time.
Resolution
All Transmission users should upgrade to the latest version:
Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-p2p/transmission-1.92" |
References
CVE-2010-1853
Last edited by GLSA on Wed Jul 02, 2014 4:29 am; edited 4 times in total |
|