Fedora 10 Update: rb_libtorrent-0.13.1-5.fc10 - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Advisory Watch: February 10th, 2012

Linux Security Week: February 6th, 2012

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Fedora 10 Update: rb_libtorrent-0.13.1-5.fc10

User Rating:

How can I rate this item?

Posted by Benjamin D. Thomas

This release adds an upstream patch to fix a directory traversal vulnerability which would allow a remote attacker to create or overwrite arbitrary files via a ".." (dot dot) and partial relative pathname in a specially-crafted torrent.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-6547
2009-06-18 10:59:17
--------------------------------------------------------------------------------

Name        : rb_libtorrent
Product     : Fedora 10
Version     : 0.13.1
Release     : 5.fc10
URL         : http://www.rasterbar.com/products/libtorrent/
Summary     : A C++ BitTorrent library aiming to be the best alternative
Description :
rb_libtorrent is a C++ library that aims to be a good alternative to all
the other BitTorrent implementations around. It is a library and not a full
featured client, although it comes with a few working example clients.

Its main goals are to be very efficient (in terms of CPU and memory usage) as
well as being very easy to use both as a user and developer.

--------------------------------------------------------------------------------
Update Information:

This release adds an upstream patch to fix a directory traversal vulnerability
which would allow a remote attacker to create or overwrite arbitrary files via a
".." (dot dot) and partial relative pathname in a specially-crafted torrent.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun 14 2009 Peter Gordon  - 0.13.1-5
- Apply upstream patch to fix CVE-2009-1760 (arbitrary file overwrite
  vulnerability):
  + 0.13-CVE-2009-1760.diff
- Fixes security bug #505523.
* Mon Jan  5 2009 Peter Gordon  - 0.13.1-4
- Add asio-devel as runtime dependency for the devel subpackage (#478589)
* Thu Nov 20 2008 Peter Gordon 
- Update Source0 URL, for now.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #505523 - CVE-2009-1760 rb_libtorrent: arbitrary file overwrite vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=505523
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update rb_libtorrent' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce