--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-1c57e21dac
2025-05-11 01:15:12.231753+00:00
--------------------------------------------------------------------------------

Name        : deluge
Product     : Fedora 42
Version     : 2.2.0
Release     : 1.fc42
URL         : http://deluge-torrent.org/
Summary     : A GTK+ BitTorrent client with support for DHT, UPnP, and PEX
Description :
Deluge is a new BitTorrent client, created using Python and GTK+. It is intended to bring a native, full-featured client to Linux GTK+ desktop environments such as GNOME and XFCE. It supports features such as DHT (Distributed Hash Tables), PEX (µTorrent-compatible Peer Exchange), and UPnP (Universal Plug-n-Play) that allow one to more easily share BitTorrent data even from behind a router with virtually zero configuration of port-forwarding.

--------------------------------------------------------------------------------
Update Information:

https://deluge.readthedocs.io/en/deluge-2.2.0/changelog.html

2.2.0 (2025-04-28)

Breaking changes
- Removed Python 3.6 support (Python >= 3.7)

Core
- Fix GHSL-2024-189 - insecure HTTP for new version check.
- Fix alert handler segfault.
- Add support for creating v2 torrents.

GTK UI
- Fix changing torrent ownership.
- Fix upper limit of upload/download in Add Torrent dialog.
- Fix #3339 - Resizing window crashes with Piecesbar or Stats plugin.
- Fix #3350 - Unable to use quick search.
- Fix #3598 - Missing AppIndicator option in Preferences.
- Set Appindicator as default for tray icon on Linux.
- Add feature to switch between dark/light themes.

Web UI
- Fix GHSL-2024-191 - potential flag endpoint path traversal.
- Fix GHSL-2024-188 - js script dir traversal vulnerability.
- Fix GHSL-2024-190 - insecure tracker icon endpoint.
- Fix unable to stop daemon in connection manager.
- Fix responsiveness to avoid "Connection lost".
- Add support for network interface name as well as IP address.
- Add ability to change UI theme.

Console UI
- Fix "rm" and "move" commands hanging when done.
- Fix #3538 - Unable to add host in connection manager.
- Disable interactive-mode on Windows.

UI library
- Fix tracker icon display by converting to png format.
- Fix splitting trackers by newline.
- Add clickable URLs for torrent comment and tracker status.

Label
- Fix torrent deletion not removed from config.
- Fix label display name in submenu.

AutoAdd
- Fix #3515 - Torrent file decoding errors disabled watch folder.

--------------------------------------------------------------------------------
ChangeLog:

* Thu May 1 2025 Michael Cronenworth - 2.2.0-1
- Version update
* Tue Feb 11 2025 Zbigniew Jędrzejewski-Szmek - 2.1.1-12
- Add sysusers.d config file to allow rpm to create users/groups automatically

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2363230 - deluge-2.2.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2363230

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-1c57e21dac' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys

--------------------------------------------------------------------------------

Fedora 42 introduces major upgrades to its Deluge torrent client, addressing key bugs and enhancing features for improved usability and performance.

Severity: Critical. LinuxSecurity.com Team
openSUSE Security Update: Security update for deluge
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2017:1497-1
Rating:             important
References:         #1039815 #1039958
Cross-References:   CVE-2017-7178 CVE-2017-9031
Affected Products:
                    openSUSE Leap 42.2
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for deluge fixes two security issues:

- CVE-2017-9031: A remote attacker may have used a directory traversal vulnerability in the web interface (bsc#1039815)
- CVE-2017-7178: A remote attacker could have exploited a CSRF vulnerability to trick a logged-in user to perform actions in the WebUI (bsc#1039958)

In addition, deluge was updated to 1.3.15 with the following fixes and changes:

- Core: Fix issues with displaying libtorrent-rasterbar single proxy.
- Core: Fix libtorrent-rasterbar 1.2 trackers crashing Deluge UIs.
- Core: Fix an error in torrent priorities causing file priority mismatch in UIs.
- GtkUI: Fix column sort state not saved in Thinclient mode.
- GtkUI: Fix a connection manager error with malformed ip.
- GtkUI: Rename SystemTray/Indicator "Pause/Resume All" to "Pause/Resume Session".
- GtkUI: Workaround libtorrent-rasterbar single proxy by greying out unused proxy types.
- Notification Plugin: Fix webui passing string for int port value.
- AutoAdd Plugin: Add WebUI preferences page detailing lack of configuration via WebUI.
- Label Plugin: Add WebUI preferences page detailing how to configure plugin.
- Core: Fix 'Too many files open' errors.
- Core: Add support for python-GeoIP for use with libtorrent 1.1.
- Core: Fix a single proxy entry being overwritten resulting in no proxy set.
- UI: Add the tracker_status translation to UIs.
- GtkUI: Strip whitespace from infohash before checks.
- GtkUI: Add a missed feature autofill infohash entry from clipboard.
- WebUI: Backport bind interface option for server.
- ConsoleUI: Fix a decode error comparing non-ascii (str) torrent names.
- AutoAdd Plugin: Fixes for splitting magnets from file.
- Remove the duplicate magnet extension when splitting.
- Remove deluge-libtorrent-1.1-geoip.patch: fixed upstream.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- openSUSE Leap 42.2:

  zypper in -t patch openSUSE-2017-656=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE Leap 42.2 (noarch):

  deluge-1.3.15-3.3.1
  deluge-lang-1.3.15-3.3.1

References:

https://www.suse.com/security/cve/CVE-2017-7178.html
https://www.suse.com/security/cve/CVE-2017-9031.html
https://bugzilla.suse.com/1039815
https://bugzilla.suse.com/1039958

Resolves a pair of security concerns for deluge on openSUSE: significant update addressing severe vulnerabilities.

Severity: Important. LinuxSecurity.com Team
Two vulnerabilities have been discovered in the web interface of the Deluge BitTorrent client (directory traversal and cross-site request forgery).

Debian Security Advisory DSA-3856-1
Package        : deluge
Version        : 1.3.3-2+nmu1+deb7u2
Debian Bug     : #862611

It was discovered that there was a directory traversal attack vulnerability in the web user interface in the deluge bittorrent client.

For Debian 7 "Wheezy", this issue has been fixed in deluge version 1.3.3-2+nmu1+deb7u2.

We recommend that you upgrade your deluge packages.

Regards,

Chris Lamb
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-6682
2009-06-19 12:31:30
--------------------------------------------------------------------------------

Name        : deluge
Product     : Fedora 9
Version     : 0.5.9.3
Release     : 2.fc9
URL         : https://deluge-torrent.org/
Summary     : A GTK+ BitTorrent client with support for DHT, UPnP, and PEX
Description :
Deluge is a new BitTorrent client, created using Python and GTK+. It is intended to bring a native, full-featured client to Linux GTK+ desktop environments such as GNOME and XFCE. It supports features such as DHT (Distributed Hash Tables), PEX (µTorrent-compatible Peer Exchange), and UPnP (Universal Plug-n-Play) that allow one to more easily share BitTorrent data even from behind a router with virtually zero configuration of port-forwarding.

--------------------------------------------------------------------------------
Update Information:

This release adds a backported upstream patch to fix a directory traversal vulnerability in the included copy of libtorrent which would allow a remote attacker to create or overwrite arbitrary files via a ".." (dot dot) and partial relative pathname in a specially-crafted torrent.

--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 18 2009 Peter Gordon - 0.5.9.3-2
- Revert CVS files to 0.9.5.3
- Add backported patch for the included copy of rb_libtorrent to fix CVE-2009-1760 (#505523):
  + 0.5.9.3-CVE-2009-1760.diff
* Thu Nov 13 2008 Peter Gordon - 1.0.5-1
- Update to new upstream release (1.0.5)
- Drop desktop file icon name hack (fixed upstream).
- Add setuptools runtime dependency, to fix "No module named pkg_resources" error messages.
* Tue Jun 24 2008 Peter Gordon - 0.5.9.3-1
- Update to new upstream release (0.5.9.3)
* Fri May 23 2008 Peter Gordon - 0.5.9.1-1
- Update to new upstream release (0.5.9.1)
* Fri May 2 2008 Peter Gordon - 0.5.9.0-1
- Update to new upstream release (0.5.9.0)
- Drop upstreamed default-preferences patch for disabling new version notifications:
  - default-prefs-no-release-notifications.patch
* Tue Apr 15 2008 Peter Gordon - 0.5.8.9-1
- Update to new upstream release (0.5.8.9)
* Wed Mar 26 2008 Peter Gordon - 0.5.8.7-1
- Update to new upstream release (0.5.8.7)

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #505523 - CVE-2009-1760 rb_libtorrent: arbitrary file overwrite vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=505523

--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update deluge' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/

--------------------------------------------------------------------------------
_______________________________________________
Fedora-package-announce mailing list
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-6760
2009-06-19 12:33:28
--------------------------------------------------------------------------------

Name        : deluge
Product     : Fedora 10
Version     : 1.1.9
Release     : 1.fc10
URL         : https://deluge-torrent.org/
Summary     : A GTK+ BitTorrent client with support for DHT, UPnP, and PEX
Description :
Deluge is a new BitTorrent client, created using Python and GTK+. It is intended to bring a native, full-featured client to Linux GTK+ desktop environments such as GNOME and XFCE. It supports features such as DHT (Distributed Hash Tables), PEX (µTorrent-compatible Peer Exchange), and UPnP (Universal Plug-n-Play) that allow one to more easily share BitTorrent data even from behind a router with virtually zero configuration of port-forwarding.

--------------------------------------------------------------------------------
Update Information:

Deluge 1.1.9 contains updated translations and fixes for a "move torrent" issue (now only happens when the torrent has data downloaded), a folder renaming bug (renaming a parent folder into multiple folders), and an issue with adding a remote torrent in the WebUI.

This update also includes all upstream bug-fixes and enhancements in versions 1.1.7 and 1.1.8 (which were skipped in this package). For a full list of these changes, please see the upstream changelog:

In addition, the included copy of rb_libtorrent has been updated to fix a potential directory traversal vulnerability which would allow a remote attacker to create or overwrite arbitrary files via a ".." (dot dot) and partial relative pathname in a specially-crafted torrent.

--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 17 2009 Peter Gordon - 1.1.9-1
- Update to new upstream bug-fix release (1.1.9), updates internal libtorrent copy to fix CVE-2009-1760 (#505523).
- Adds dependency on chardet for fixing lots of bugs with torrents which are not encoded as UTF-8.
- Add back the flags, in an optional -flags subpackage as per the new Flags policy (Package_Maintainers_Flags_Policy on the wiki).
- Add LICENSE and README to installed documentation.
* Tue Apr 7 2009 Peter Gordon - 1.1.6-1
- Update to new upstream bug-fix release (1.1.6)
- Fix GPL version, add OpenSSL exception to License.
* Thu Mar 26 2009 Peter Gordon - 1.1.5-1
- Update to new upstream bug-fix release (1.1.5)
* Tue Mar 10 2009 Peter Gordon - 1.1.4-2
- Fix the installed location of the scalable (SVG) icon (#483443).
  + scalable-icon-dir.diff
* Mon Mar 9 2009 Peter Gordon - 1.1.4-1
- Update to new upstream bug-fix release (1.1.4)
* Sun Feb 15 2009 Peter Gordon - 1.1.3-1
- Update to new upstream bug-fix release (1.1.3)
* Sun Feb 1 2009 Peter Gordon - 1.1.2-2
- Fix scalable icon directory ownership (#483443).
* Sat Jan 31 2009 Peter Gordon - 1.1.2-1
- Update to new upstream bug-fix release (1.1.2)
* Fri Jan 16 2009 Peter Gordon - 1.1.0-1
- Update to new upstream release (1.1.0 Final - yay!)
- Do not package the country flags data. (#479265)
* Tue Dec 16 2008 Peter Gordon - 1.0.7-1
- Update to new upstream bug-fix release (1.0.7)
- Remove CC-BY-SA license (the Tango WebUI images have been replaced by upstream).
* Mon Dec 1 2008 Peter Gordon - 1.0.6-1
- Update to new upstream release (1.0.6)
- Adds Tango images to the WebUI data (CC-BY-SA) and some man pages.
- Properly mark translation files with %lang.
* Thu Nov 13 2008 Peter Gordon - 1.0.5-1
- Update to new upstream release (1.0.5)
* Fri Oct 31 2008 Peter Gordon - 1.0.4-1
- Update to new upstream release (1.0.4).

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #505523 - CVE-2009-1760 rb_libtorrent: arbitrary file overwrite vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=505523

--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update deluge' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/

--------------------------------------------------------------------------------
_______________________________________________
Fedora-package-announce mailing list