Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

openSUSE Leap 42.2: 2017:1500-2 Major Deluge CSRF Vulnerabilities

opensuse
Calendar Grey June 7, 2017
Dist Opensuse Esm H88
Resolves a pair of security concerns for deluge on openSUSE: significant update addressing severe vulnerabilities.
An update that fixes two vulnerabilities is now available

Description

This update for deluge fixes two security issues:

- CVE-2017-9031: A remote attacker may have used a directory traversal

vulnerability in the web interface (bsc#1039815)

- CVE-2017-7178: A remote attacher could have exploited a CSRF

vulnerability to trick a logged-in user to perform actions in the WebUI

(bsc#1039958)

In addition, deluge was updated to 1.3.15 with the following fixes and

changes:

- Core: Fix issues with displaying libtorrent-rasterbar single proxy.

- Core: Fix libtorrent-rasterbar 1.2 trackers crashing Deluge UIs.

- Core: Fix an error in torrent priorities causing file priority mismatch

in UIs.

- GtkUI: Fix column sort state not saved in Thinclient mode.

- GtkUI: Fix a connection manager error with malformed ip.

- GtkUI: Rename SystemTray/Indicator "Pause/Resume All" to "Pause/Resume

Session".

- GtkUI: Workaround libtorrent-rasterbar single proxy by greying out

unused proxy types.

- Notification...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-656=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE Leap 42.2 (noarch):

deluge-1.3.15-3.3.1

deluge-lang-1.3.15-3.3.1

References

https://www.suse.com/security/cve/CVE-2017-7178.html

https://www.suse.com/security/cve/CVE-2017-9031.html

https://bugzilla.suse.com/1039815

https://bugzilla.suse.com/1039958

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2017:1497-1
Rating: important
Affected Products: openSUSE Leap 42.2 .

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.