
Fedora 9: 2009-2108 Moderate Risk of MLDonkey File Disclosure Issue

fedora
February 26, 2009
This Fedora patch addresses a data exposure vulnerability in mldonkey. Discover its implications and the steps to apply the update.
Fix remote arbitrary file disclosure via a GET request with more than one leading / (slash) character in the filename.

Summary

MLDonkey is a door to the 'donkey' network, a decentralized network used to exchange big files on the Internet. It is written in a wonderful language, called Objective-Caml, and presents most features of the basic Windows donkey client, plus some more:

- It should work on most UNIX-compatible platforms.
- You can remotely command your client, either by telnet (port 4000), by a WEB browser (), or with a classical client interface (see
- You can connect to several servers, and each search will query all the connected servers.
- You can select mp3s by bitrates in queries (useful?).
- You can select the name of a downloaded file before moving it to your incoming directory.
- You can have several queries in the graphical user interface at the same time.
- You can remember your old query results in the command-line interface.
- You can search in the history of all files you have seen on the network.

It can also access other peer-to-peer networks:

- BitTorrent
- Fasttrack
- FileTP (wget-clone)
- DC++

Fix remote arbitrary file disclosure via a GET request with more than one leading / (slash) character in the filename.

[ 1 ] Bug #487132 - MLDonkey: remote arbitrary file disclosure via a GET request with more than one leading / (slash) character in the filename.

https://bugzilla.redhat.com/show_bug.cgi?id=487132
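
An added example, not code from MLDonkey or the Fedora package: a Python illustration of the bug class named above, assuming the flaw is a handler that removes only one leading slash before resolving the file, next to a resolver that strips every leading slash and then verifies the result stays inside the served directory (a check that also covers ../ and symlinks, beyond the case in this advisory). The function names, the temporary web root and the request paths are constructed for illustration.

```python
import os
import tempfile


def is_inside(root, path):
    """True if path, once fully resolved, lies within root."""
    root_real = os.path.realpath(root)
    return os.path.commonpath([root_real, os.path.realpath(path)]) == root_real


def naive_resolve(root, request_path):
    """Assumed flawed pattern: remove exactly one leading '/' and join."""
    rel = request_path[1:] if request_path.startswith("/") else request_path
    # "//etc/passwd" leaves rel == "/etc/passwd"; joining an absolute
    # component discards root entirely.
    return os.path.join(root, rel)


def safe_resolve(root, request_path):
    """Return a resolved path inside root, or None if the request escapes it."""
    rel = request_path.lstrip("/")  # strip every leading slash, not just one
    candidate = os.path.realpath(os.path.join(os.path.realpath(root), rel))
    # Containment is checked after normalisation, so "../" and symlinks
    # pointing outside root are rejected as well.
    return candidate if is_inside(root, candidate) else None


def demo():
    """Resolve constructed request paths against a throwaway web root."""
    rows = []
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "web")
        os.mkdir(root)
        for req in ["/index.html", "//etc/passwd", "///etc/passwd", "/../secret"]:
            naive_ok = is_inside(root, naive_resolve(root, req))
            safe_ok = safe_resolve(root, req) is not None
            rows.append((req, naive_ok, safe_ok))
    return rows


if __name__ == "__main__":
    for req, naive_ok, safe_ok in demo():
        print(f"{req:16} naive stays in root: {naive_ok!s:5}  safe accepts: {safe_ok}")
```

With the hardened resolver, a request for //etc/passwd maps to etc/passwd under the web root rather than to the system file, so it is accepted as a path but can only ever reach content inside the served directory.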

To install the update, use su -c 'yum update mldonkey' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/


Severity: important

Product: Fedora 9
Version: 2.9.7
Release: 3.fc9
Summary: Client for several P2P networks
