Explore top 10 tips to secure your open-source projects now. Read More
×
This update for transmission fixes the following issues:
- CVE-2026-38978: add clickjack safeguards when serving http responses
(boo#1267404).
- Update to 4.0.6:
+ Improved parsing HTTP tracker announce response. (#6223)
+ Fixed 4.0.0 bug that caused some user scripts to have an invalid
TR_TORRENT_TRACKERS environment variable. (#6434)
+ Fixed 4.0.0 bug where alt-speed-enabled had no effect in
settings.json. (#6483)
+ Fixed 4.0.0 bug where the GTK client's "Use authentication"
option was not saved between's sessions. (#6514)
+ Fixed 4.0.0 bug where the filename for single-file torrents aren't
sanitized. (#6846)
+ Fixed 4.0.0 bug where piece size description text and slider state in
torrent creation dialog are not always up-to-date.
+ Fixed build when compiling with GTKMM 4. (#6393)
+ Added the launchable desktop-id to metainfo files. (#6779)
+ Fixed build when compiling on BSD. (#6812)
...
Read the Full AdvisoryPatch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-237=1
- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le s390x x86_64):
transmission-4.0.6-bp157.2.3.1
transmission-daemon-4.0.6-bp157.2.3.1
transmission-gtk-4.0.6-bp157.2.3.1
transmission-qt-4.0.6-bp157.2.3.1
- openSUSE Backports SLE-15-SP7 (noarch):
system-user-transmission-4.0.6-bp157.2.3.1
transmission-common-4.0.6-bp157.2.3.1
transmission-gtk-lang-4.0.6-bp157.2.3.1
transmission-qt-lang-4.0.6-bp157.2.3.1
https://www.suse.com/security/cve/CVE-2026-38978.html
https://bugzilla.suse.com/1267404
Get the latest Linux and open source security news straight to your inbox.