
Fedora 8: 2008-1198 Critical: rb_libtorrent Stack Overflow Risk

February 1, 2008
A hotfix for rb_libtorrent in Fedora 8 that addresses a buffer overflow vulnerability reachable by a remote attacker. Apply this update immediately!
A potential remote exploit was found in the bdecode_recursive routine that could trigger a stack overflow when passed malformed message data.

Summary

rb_libtorrent is a C++ library that aims to be a good alternative to all the other BitTorrent implementations around. It is a library and not a full-featured client, although it comes with a few working example clients. Its main goals are to be very efficient (in terms of CPU and memory usage) as well as being very easy to use both as a user and developer.

A potential remote exploit was found in the bdecode_recursive routine that could trigger a stack overflow when passed malformed message data. This release adds a fix for this issue from the upstream subversion repository that limits the maximum recursive depth of this function.
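
The mitigation named above, a cap on recursion depth in a recursive bencode decoder, is shown here as an added C++ example; it is not the upstream changeset and not rb_libtorrent's own code. The names `parse_value`, `is_acceptable_bencode` and `kMaxDepth`, and the limit of 100, are assumptions made for illustration.

```cpp
#include <cctype>
#include <cstddef>
#include <stdexcept>
#include <string>
// Assumed limit for this example; the page does not state upstream's value.
constexpr int kMaxDepth = 100;
static bool digit(char c) { return std::isdigit(static_cast<unsigned char>(c)) != 0; }
// Walks one bencoded value at s[pos], leaving pos just past it. Throws on
// malformed input or when containers nest deeper than kMaxDepth.
void parse_value(const std::string& s, std::size_t& pos, int depth) {
    if (depth > kMaxDepth) throw std::runtime_error("nesting too deep");
    if (pos >= s.size()) throw std::runtime_error("unexpected end of input");
    const char c = s[pos];
    if (c == 'l' || c == 'd') {                 // list or dictionary
        ++pos;
        while (pos < s.size() && s[pos] != 'e') {
            if (c == 'd') {                     // dictionary keys are strings
                if (!digit(s[pos])) throw std::runtime_error("bad dict key");
                parse_value(s, pos, depth + 1);
            }
            parse_value(s, pos, depth + 1);     // list item or dict value
        }
        if (pos >= s.size()) throw std::runtime_error("unterminated container");
        ++pos;                                  // consume the closing 'e'
    } else if (c == 'i') {                      // integer: i[-]<digits>e
        std::size_t p = pos + 1;
        if (p < s.size() && s[p] == '-') ++p;
        const std::size_t first = p;
        while (p < s.size() && digit(s[p])) ++p;
        if (p == first || p >= s.size() || s[p] != 'e') throw std::runtime_error("bad integer");
        pos = p + 1;
    } else if (digit(c)) {                      // string: <length>:<bytes>
        std::size_t len = 0;
        for (; pos < s.size() && digit(s[pos]); ++pos) {
            len = len * 10 + static_cast<std::size_t>(s[pos] - '0');
            if (len > s.size()) throw std::runtime_error("length exceeds input");
        }
        if (pos >= s.size() || s[pos] != ':') throw std::runtime_error("missing ':'");
        ++pos;
        if (len > s.size() - pos) throw std::runtime_error("truncated string");
        pos += len;
    } else throw std::runtime_error("unknown type byte");
}

// True only if the whole buffer is one well-formed, boundedly nested value.
bool is_acceptable_bencode(const std::string& s) {
    try { std::size_t pos = 0; parse_value(s, pos, 0); return pos == s.size(); }
    catch (const std::runtime_error&) { return false; }
}
```

Because the depth check runs before any further descent, stack use is bounded by `kMaxDepth` frames regardless of how large the incoming message is.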

Change Log

* Mon Jan 28 2008 Peter Gordon - 0.12-3
- Add upstream patch (changeset 1968) to fix potential security vulnerability:
  malformed messages passed through the bdecode_recursive routine could cause
  a potential stack overflow.
  + svn1968-bdecode_recursive-security-fix.patch

Update Instructions

Run su -c 'yum update rb_libtorrent' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/


Severity: critical

Product: Fedora 8
Version: 0.12
Release: 3.fc8
Summary: A C++ BitTorrent library aiming to be the best alternative
