Säkerhetsbulletin från Debian
DSA-1967-1 transmission -- katalogtraversering
- Rapporterat den:
- 2010-01-07
- Berörda paket:
- transmission
- Sårbara:
- Ja
- Referenser i säkerhetsdatabaser:
- I Mitres CVE-förteckning: CVE-2010-0012.
- Ytterligare information:
-
Dan Rosenberg upptäckte att Transmission, en lättviktsklient för fildelningsprotokollet Bittorrent, utför otillräcklig städning av filnamn i .torrent-filer. Detta kunde leda till överskrivning av lokala filer med rättigheter för användaren som kör Transmission om användaren luras att öppna en illvillig torrentfil.
För den stabila utgåvan (Lenny) har detta problem rättats i version 1.22-1+lenny2.
För den instabila utgåvan (Sid) har detta problem rättats i version 1.77-1.
Vi rekommenderar att ni uppgraderar era transmission-paket.
- Rättat i:
-
Debian GNU/Linux 5.0 (lenny)
- Källkod:
- http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz
- http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22.orig.tar.gz
- http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.dsc
- http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22.orig.tar.gz
- Arkitekturoberoende komponent:
- http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2_all.deb
- http://security.debian.org/pool/updates/main/t/transmission/transmission-common_1.22-1+lenny2_all.deb
- http://security.debian.org/pool/updates/main/t/transmission/transmission-common_1.22-1+lenny2_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/t/transmission/transmission-cli_1.22-1+lenny2_alpha.deb
- http://security.debian.org/pool/updates/main/t/transmission/transmission-gtk_1.22-1+lenny2_alpha.deb
- http://security.debian.org/pool/updates/main/t/transmission/transmission-gtk_1.22-1+lenny2_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/t/transmission/transmission-cli_1.22-1+lenny2_amd64.deb
- http://security.debian.org/pool/updates/main/t/transmission/transmission-gtk_1.22-1+lenny2_amd64.deb
- http://security.debian.org/pool/updates/main/t/transmission/transmission-gtk_1.22-1+lenny2_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/t/transmission/transmission-cli_1.22-1+lenny2_arm.deb
- http://security.debian.org/pool/updates/main/t/transmission/transmission-gtk_1.22-1+lenny2_arm.deb
- http://security.debian.org/pool/updates/main/t/transmission/transmission-gtk_1.22-1+lenny2_arm.deb
- ARM EABI:
- http://security.debian.org/pool/updates/main/t/transmission/transmission-cli_1.22-1+lenny2_armel.deb
- http://security.debian.org/pool/updates/main/t/transmission/transmission-gtk_1.22-1+lenny2_armel.deb
- http://security.debian.org/pool/updates/main/t/transmission/transmission-gtk_1.22-1+lenny2_armel.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/t/transmission/transmission-cli_1.22-1+lenny2_hppa.deb
- http://security.debian.org/pool/updates/main/t/transmission/transmission-gtk_1.22-1+lenny2_hppa.deb
- http://security.debian.org/pool/updates/main/t/transmission/transmission-gtk_1.22-1+lenny2_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/t/transmission/transmission-cli_1.22-1+lenny2_i386.deb
- http://security.debian.org/pool/updates/main/t/transmission/transmission-gtk_1.22-1+lenny2_i386.deb
- http://security.debian.org/pool/updates/main/t/transmission/transmission-gtk_1.22-1+lenny2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/t/transmission/transmission-cli_1.22-1+lenny2_ia64.deb
- http://security.debian.org/pool/updates/main/t/transmission/transmission-gtk_1.22-1+lenny2_ia64.deb
- http://security.debian.org/pool/updates/main/t/transmission/transmission-gtk_1.22-1+lenny2_ia64.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/t/transmission/transmission-cli_1.22-1+lenny2_mipsel.deb
- http://security.debian.org/pool/updates/main/t/transmission/transmission-gtk_1.22-1+lenny2_mipsel.deb
- http://security.debian.org/pool/updates/main/t/transmission/transmission-gtk_1.22-1+lenny2_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/t/transmission/transmission-gtk_1.22-1+lenny2_powerpc.deb
- http://security.debian.org/pool/updates/main/t/transmission/transmission-cli_1.22-1+lenny2_powerpc.deb
- http://security.debian.org/pool/updates/main/t/transmission/transmission-cli_1.22-1+lenny2_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/t/transmission/transmission-cli_1.22-1+lenny2_s390.deb
- http://security.debian.org/pool/updates/main/t/transmission/transmission-gtk_1.22-1+lenny2_s390.deb
- http://security.debian.org/pool/updates/main/t/transmission/transmission-gtk_1.22-1+lenny2_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/t/transmission/transmission-gtk_1.22-1+lenny2_sparc.deb
- http://security.debian.org/pool/updates/main/t/transmission/transmission-cli_1.22-1+lenny2_sparc.deb
- http://security.debian.org/pool/updates/main/t/transmission/transmission-cli_1.22-1+lenny2_sparc.deb
MD5-kontrollsummor för dessa filer finns i originalbulletinen.