Joined: 12 May 2004
|Posted: Sat Jan 15, 2011 10:26 pm Post subject: [ GLSA 201101-04 ] aria2: Directory traversal
|Gentoo Linux Security Advisory
Title: aria2: Directory traversal (GLSA 201101-04)
Date: January 15, 2011
A directory traversal vulnerability has been found in aria2.
aria2 is a download utility with resuming and segmented downloading
with HTTP/HTTPS/FTP/BitTorrent support.
Vulnerable: < 1.9.3
Unaffected: >= 1.9.3
Architectures: All supported architectures
A directory traversal vulnerability was discovered in aria2.
A remote attacker could entice a user to download from a specially
crafted metalink file, resulting in the creation of arbitrary files.
There is no known workaround at this time.
All aria2 users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/aria2-1.9.3"