Fedora: 2009-6547 Critical: rb_libtorrent Directory Traversal Risk
fedora
June 26, 2009
This release adds an upstream patch to fix a directory traversal vulnerability
which would allow a remote attacker to create or overwrite arbitrary files via a
".." (dot dot) and ...
Summary
rb_libtorrent is a C++ library that aims to be a good alternative to all
the other BitTorrent implementations around. It is a library and not a full
featured client, although it comes with a few working example clients.
Its main goals are to be very efficient (in terms of CPU and memory usage) as
well as being very easy to use both as a user and developer.
Update Information:
This release adds an upstream patch to fix a directory traversal vulnerability which would allow a remote attacker to create or overwrite arbitrary files via a ".." (dot dot) and partial relative pathname in a specially-crafted torrent.
Change Log
* Sun Jun 14 2009 Peter Gordon
References
[ 1 ] Bug #505523 - CVE-2009-1760 rb_libtorrent: arbitrary file overwrite vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=505523
Update Instructions
This update can be installed with the "yum" update program. Use su -c 'yum update rb_libtorrent' at the command line. For more information, refer to "Managing Software with yum", available at .
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: rb_libtorrent
Product: Fedora 10
Version: 0.13.1
Release: 5.fc10
Summary: A C++ BitTorrent library aiming to be the best alternative
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!