Fedora 11 Update: rb_libtorrent-0.14.3-2.fc11 - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Advisory Watch: March 6th, 2010

Linux Advisory Watch: February 26th, 2010

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Fedora 11 Update: rb_libtorrent-0.14.3-2.fc11

User Rating:

How can I rate this item?

Posted by Benjamin D. Thomas

This release adds an upstream patch to fix a directory traversal vulnerability which would allow a remote attacker to create or overwrite arbitrary files via a ".." (dot dot) and partial relative pathname in a specially-crafted torrent.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-6502
2009-06-18 10:56:33
--------------------------------------------------------------------------------

Name        : rb_libtorrent
Product     : Fedora 11
Version     : 0.14.3
Release     : 2.fc11
URL         : http://www.rasterbar.com/products/libtorrent/
Summary     : A C++ BitTorrent library aiming to be the best alternative
Description :
rb_libtorrent is a C++ library that aims to be a good alternative to all
the other BitTorrent implementations around. It is a library and not a full
featured client, although it comes with a few working example clients.

Its main goals are to be very efficient (in terms of CPU and memory usage) as
well as being very easy to use both as a user and developer.

--------------------------------------------------------------------------------
Update Information:

This release adds an upstream patch to fix a directory traversal vulnerability
which would allow a remote attacker to create or overwrite arbitrary files via a
".." (dot dot) and partial relative pathname in a specially-crafted torrent.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 12 2009 Peter Gordon  - 0.14.3-2
- Apply upstream patch to fix CVE-2009-1760 (arbitrary file overwrite
  vulnerability):
  + CVE-2009-1760.diff
- Fixes security bug #505523.
- Drop outdated Boost patch:
  - 0.13.1-boost.patch
* Mon Apr 27 2009 Peter Gordon  - 0.14.3-1
- Update to new upstream bug-fix release (0.14.3).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #505523 - CVE-2009-1760 rb_libtorrent: arbitrary file overwrite vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=505523
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update rb_libtorrent' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce