Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Gentoo: GLSA-202103-09 Critical Transmission RCE Security Flaw

gentoo
Calendar Grey July 26, 2020
Dist Gentoo Esm H88
Gentoo Linux Security Notice GLSA 202101-12 highlights potential vulnerabilities in QEMU leading to unauthorized access.
A use-after-free possibly allowing remote execution of code was discovered in Transmission.

Summary

Transmission mishandles some memory management which may allow manipulation of the heap.

Topics%20covered

Topics Covered

security advisory gentoo code execution remote execution normal severity transmission

Resolution

All Transmission users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-p2p/transmission-3.00"

References

[ 1 ] CVE-2018-10756 https://nvd.nist.gov/vuln/detail/CVE-2018-10756

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202007-07
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity
critical
Lowest
Low
Medium
High
Critical

Severity: Normal
Title: Transmission: Remote code execution
Date: July 26, 2020
Bugs: #723258
ID: 202007-07

Topics%20covered

Topics Covered

security advisory gentoo code execution remote execution normal severity transmission

Synopsis

A use-after-free possibly allowing remote execution of code was discovered in Transmission.

Background

Transmission is a cross-platform BitTorrent client.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-p2p/transmission < 3.00 >= 3.00

Impact

===== A remote attacker could entice a user to open a specially crafted torrent file using Transmission, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Your message here