Fedora 10 Update: 2009-10344 Critical Aria2 Buffer Overflow
fedora
October 8, 2009
Fixes CVE-2009-3575, A buffer overflow vulnerability described in more detail at
https://bugzilla.redhat.com/show_bug.cgi?id=527827
Summary
aria2 is a download utility with resuming and segmented downloading.
Supported protocols are HTTP/HTTPS/FTP/BitTorrent. It also supports Metalink
version 3.0.
Currently it has following features:
- HTTP/HTTPS GET support
- HTTP Proxy support
- HTTP BASIC authentication support
- HTTP Proxy authentication support
- FTP support(active, passive mode)
- FTP through HTTP proxy(GET command or tunneling)
- Segmented download
- Cookie support(currently aria2 ignores "expires")
- It can run as a daemon process.
- BitTorrent protocol support with fast extension.
- Selective download in multi-file torrent
- Metalink version 3.0 support(HTTP/FTP/BitTorrent).
- Limiting download/upload speed
Update Information:
Fixes CVE-2009-3575, A buffer overflow vulnerability described in more detail at https://bugzilla.redhat.com/show_bug.cgi?id=527827
Topics Covered
Change Log
* Thu Oct 8 2009 Rahul Sundaram
References
[ 1 ] Bug #527827 - CVE-2009-3575 aria2: buffer overflow vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=527827
Update Instructions
This update can be installed with the "yum" update program. Use su -c 'yum update aria2' at the command line. For more information, refer to "Managing Software with yum", available at .
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: aria2
Product: Fedora 10
Version: 1.3.1
Release: 2.fc10
URL:
Summary: High speed download utility with resuming and segmented downloading
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!