Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 728
Alerts This Week
Warning Icon 1 728

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":1,"type":"x","order":3,"pct":100,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 6 articles for you...
89

Fedora 40: FEDORA-2024-ab5ad835c1 moderate: qbittorrent RCE threat

Update to 5.0.2 fix rhbz#2326888. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-ab5ad835c1 2024-12-01 03:37:40.166848+00:00 -------------------------------------------------------------------------------- Name : qbittorrent Product : Fedora 40 Version : 5.0.2 Release : 1.fc40 URL : https://www.qbittorrent.org Summary : A Bittorrent Client Description : A Bittorrent client using rb_libtorrent and a Qt6 Graphical User Interface. It aims to be as fast as possible and to provide multi-OS, unicode support. -------------------------------------------------------------------------------- Update Information: Update to 5.0.2 fix rhbz#2326888 -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 23 2024 Filipe Rosset - 1:5.0.2-1 - Update to 5.0.2 fix rhbz#2326888 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2262473 - [abrt] qbittorrent: qAbort(): qbittorrent killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=2262473 [ 2 ] Bug #2323595 - CVE-2024-51774 qbittorrent: RCE Vulnerability in qBittorrent Due to Improper SSL/TLS Certificate Validation [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2323595 [ 3 ] Bug #2323596 - CVE-2024-51774 qbittorrent: RCE Vulnerability in qBittorrent Due to Improper SSL/TLS Certificate Validation [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2323596 [ 4 ] Bug #2326888 - qbittorrent-5.0.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2326888 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-ab5ad835c1' at the command line. For more information, refer to the dnf documentation availableat http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . CentOS Update Alert for qbittorrent version 5.0.2, fixing vulnerabilities and ensuring essential enhancements.. qbittorrent security, Fedora updates, software vulnerabilities, security patching. . LinuxSecurity.com Team

Calendar%202 Dec 01, 2024 Fedora
89

Fedora 41: 2024-1c74fc369b Moderate: qbittorrent RCE Fix

Update to 5.0.2 fix rhbz#2326888. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-1c74fc369b 2024-11-27 02:18:57.510505+00:00 -------------------------------------------------------------------------------- Name : qbittorrent Product : Fedora 41 Version : 5.0.2 Release : 1.fc41 URL : https://www.qbittorrent.org Summary : A Bittorrent Client Description : A Bittorrent client using rb_libtorrent and a Qt6 Graphical User Interface. It aims to be as fast as possible and to provide multi-OS, unicode support. -------------------------------------------------------------------------------- Update Information: Update to 5.0.2 fix rhbz#2326888 -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 23 2024 Filipe Rosset - 1:5.0.2-1 - Update to 5.0.2 fix rhbz#2326888 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2262473 - [abrt] qbittorrent: qAbort(): qbittorrent killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=2262473 [ 2 ] Bug #2323595 - CVE-2024-51774 qbittorrent: RCE Vulnerability in qBittorrent Due to Improper SSL/TLS Certificate Validation [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2323595 [ 3 ] Bug #2323596 - CVE-2024-51774 qbittorrent: RCE Vulnerability in qBittorrent Due to Improper SSL/TLS Certificate Validation [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2323596 [ 4 ] Bug #2326888 - qbittorrent-5.0.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2326888 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-1c74fc369b' at the command line. For more information, refer to the dnf documentation availableat http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . An essential upgrade for qbittorrent tackles significant SSL/TLS validation concerns, bolstering security measures in Fedora.. qbittorrent Security, Fedora Advisory, RCE Vulnerability Updates, SSL Certification Issues. . LinuxSecurity.com Team

Calendar%202 Nov 27, 2024 Fedora
202

openSUSE: 2024:0358-1 moderate: qbittorrent security patch

An update that fixes one vulnerability is now available. . openSUSE Security Update: Security update for qbittorrent ______________________________________________________________________________ Announcement ID: openSUSE-SU-2024:0358-1 Rating: moderate References: #1232731 Cross-References: CVE-2024-51774 Affected Products: openSUSE Backports SLE-15-SP6 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for qbittorrent fixes the following issues: - Update to version 5.0.1 (fixes boo#1232731 CVE-2024-51774) Added features: * Add "Simple pread/pwrite" disk IO type Bug fixes: * Don't ignore SSL errors (boo#1232731 CVE-2024-51774) * Don't try to apply Mark-of-the-Web to nonexistent files * Disable "Move to trash" option by default * Disable the ability to create torrents with a piece size of 256MiB * Allow to choose Qt style * Always notify user about duplicate torrent * Correctly handle "torrent finished after move" event * Correctly apply filename filter when `!qB` extension is enabled * Improve color scheme change detection * Fix button state for SSL certificate check Web UI: * Fix CSS that results in hidden torrent list in some browsers * Use proper text color to highlight items in all filter lists * Fix 'rename files' dialog cannot be opened more than once * Fix UI of Advanced Settings to show all settings * Free resources allocated by web session once it is destructed Search: * Import correct libraries Other changes: * Sync flag icons with upstream Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP6: zypper in -t patch openSUSE-2024-358=1 Package List: - openSUSE Backports SLE-15-SP6 (aarch64 ppc64le s390x x86_64): qbittorrent-5.0.1-bp156.3.6.1 qbittorrent-nox-5.0.1-bp156.3.6.1 References: https://www.suse.com/security/cve/CVE-2024-51774.html https://bugzilla.suse.com/1232731 . OpenSUSE has released a security update for qbittorrent, addressing several moderate vulnerabilities, while improving the functionality of the web interface and resolving various bugs.. openSUSE patch, qbittorrent update, software security fix. . LinuxSecurity.com Team

Calendar%202 Nov 08, 2024 OpenSUSE
202

openSUSE 2023:0391-1 moderate: libtorrent and qbittorrent fix

An update that fixes one vulnerability is now available. . openSUSE Security Update: Security update for libtorrent-rasterbar, qbittorrent ______________________________________________________________________________ Announcement ID: openSUSE-SU-2023:0391-1 Rating: moderate References: #1217677 Cross-References: CVE-2023-30801 CVSS scores: CVE-2023-30801 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports SLE-15-SP4 openSUSE Backports SLE-15-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libtorrent-rasterbar, qbittorrent fixes the following issues: Changes in libtorrent-rasterbar: - Update to version 2.0.9 * fix issue with web seed connections when they close and re-open * fallocate() not supported is not a fatal error * fix proxying of IPv6 connections via IPv4 proxy * treat CGNAT address range as local IPs * add stricter checking of piece layers when loading torrents * add stricter checking of v1 and v2 hashes being consistent * cache failed DNS lookups as well as successful ones * add an i2p torrent state to control interactions with clear swarms * fix i2p SAM protocol parsing of quoted messages * expose i2p peer destination in peer_info * fix i2p tracker announces * fix issue with read_piece() stopping torrent on pieces not yet downloaded * improve handling of allow_i2p_mixed setting to work for magnet links * fix web seed request for renamed single-file torrents * fix issue where web seeds could disappear from resume data * extend save_resume with additional conditional flags * fix issue with retrying trackers in tiers > 0 * fix last_upload and last_download resume data fields to use posix time * improve error messages forno_connect_privileged_ports, by untangle it from the port filter * fix I2P issue introduced in 2.0.0 * add async tracker status query, post_trackers() * add async torrent status query, post_status() * support loading version 2 of resume data format * fix issue with odd piece sizes * add async piece availability query, post_piece_availability() * add async download queue query, post_download_queue() * add async file_progress query, post_file_progress() * add async peer_info query, post_peer_info() - Update to version 2.0.8 * fix uTP streams timing out instead of closing cleanly * add write_torrent_file_buf() overload for generating .torrent files * add create_torrent::generate_buf() function to generate into a buffer * fix copy_file when the file ends with a sparse region * uTP performance, fix packet loss when sending is stalled * fix trackers being stuck after session pause/resume * fix bug in hash_picker with empty files * uTP performance, prevent premature timeouts/resends * add option to not memory map files below a certain size * settings_pack now returns default values when queried for missing settings * fix copy_file fall-back when SEEK_HOL/SEEK_DATA is not supported * improve error reporting from file copy and move * tweak pad file placement to match reference implementation (tail-padding) * uTP performance, more lenient nagle's algorithm to always allow one outstanding undersized packet * uTP performance, piggy-back held back undersized packet with ACKs * uTP performance, don't send redundant deferred ACKs * support incoming SOCKS5 packets with hostnames as source address, for UDP trackers * ignore duplicate network interface change notifications on linux * fix total_want/want accounting when forcing a recheck * fix merging metadata with magnet links added on top of existing torrents * add torrent_flag todefault all file priorities to dont_download * fix &so= feature in magnet links * improve compatibility of SOCKS5 UDP ASSOCIATE * fix madvise range for flushing cache in mmap_storage * open files with no_cache set in O_SYNC mode - Update to version 2.0.7 * fix issue in use of copy_file_range() * avoid open-file race in the file_view_pool * fix issue where stop-when-ready would not close files * fix issue with duplicate hybrid torrent via separate v1 and v2 magnet links * added new function to load torrent files, load_torrent_*() * support sync_file_range() * fix issue in write_torrent_file() when file size is exactly piece size * fix file_num_blocks() and file_num_pieces() for empty files * add new overload to make_magnet_uri() * add missing protocol version to tracker_reply_alert and tracker_error_alert * fix privilege issue with SetFileValidData() * add asynchronous overload of torrent_handle::add_piece() * default to a single hashing thread, for full checks * Fix bug when checking files and the first piece is invalid Changes in qbittorrent, qbittorrent: - Update to version 4.6.2 Bug fixes: * Do not apply share limit if the previous one was applied * Show Add new torrent dialog on main window screen Web UI: * Fix JS memory leak * Disable stdout buffering for qbt-nox Wayland: * Fix parent widget of "Lock qBittorrent" submenu - Also fixes boo#1217677 (CVE-2023-30801, upstream reference gh#qbittorrent/qBittorrent#19738) - Update to version 4.6.1 New features: * Add option to enable previous Add new torrent dialog behavior Fixed bugs: * Prevent crash due to race condition when adding magnet link * Fix Enter key behavior when add new torrent * Add missing main window icon * Update size of selected files when selection is changed * Correctly handle changing save path of torrent w/o metadata *Use appropriate icon for "moving" torrents in transfer list Web UI: * Drop WebUI default credentials * Add I2P settings to WebUI * Fix duplicate scrollbar on Transfer List * Fix incorrect subcategory sorting * Correctly set save path in RSS rules * Allow to request torrents count via WebAPI * Improve performance of getting torrent numbers via WebAPI * Improve free disk space checking for WebAPI Misc: * Fix invisible tray icon with Qt5 in Linux - Update to version 4.6.0 New features: * Add (experimental) I2P support * Provide UI editor for the default theme * Various UI theming improvements * Implement torrent tags editing dialog * Revamp "Watched folder options" and "Automated RSS downloader" dialog * Allow to use another icons in dark mode * Allow to add new torrents to queue top * Allow to filter torrent list by save path * Expose 'socket send/receive buffer size' options * Expose 'max torrent file size' setting * Expose 'bdecode limits' settings * Add options to adjust behavior of merging trackers to existing torrent * Add option to stop seeding when torrent has been inactive * Allow to use proxy per subsystem * Expand the scope of "Proxy hostname lookup" option * Add shortcut for "Ban peer permanently" function * Add option to auto hide zero status filters * Allow to disable confirmation of Pause/Resume All * Add alternative shortcut CTRL+E for CTRL+F * Show filtered port numbers in logs * Add button to copy library versions to clipboard Bug fixes: * Ensure ongoing storage moving job will be completed when shutting down * Refactored many areas to call non UI blocking code * Various improvements to the SQLite backend * Improve startup window state handling * Use tray icon from system theme only if option is set * Inhibit system sleep while torrents are moving * Use hostname instead of domainname in tracker filter list * Visually validate input path in torrent creator dialog * Disable symlink resolving in Torrent creator * Change default value for `file pool size` and `stop tracker timeout` settings * Log when duplicate torrents are being added * Inhibit suspend instead of screen idle * Ensure file name is valid when exporting torrents * Open "Save path" if torrent has no metadata * Prevent torrent starting unexpectedly edge case with magnet * Better ergonomics of the "Add new torrent" dialog WebUI: * Add log viewer * WebAPI: Allow to specify session cookie name * Improve sync API performance * Add filelog settings * Add multi-file renaming * Add "Add to top of queue" option * Implement subcategories * Set "SameSite=None" if CSRF Protection is disabled * Show only hosts in tracker filter list * Set Connection status and Speed limits tooltips * set Cross Origin Opener Policy to `same-origin` * Fix response for HTTP HEAD method * Preserve the network interfaces when connection is down * Add "Add Tags" field for RSS rules * Fix missing error icon RSS: * Add "Rename rule" button to RSS Downloader * Allow to edit RSS feed URL * Allow to assign priority to RSS download rule Search: * Use python isolate mode * Bump python version minimum requirement to 3.7.0 Other: * Numerous code improvements and refactorings - Update to version 4.5.5 Bug fixes: * Fix transfer list tab hotkey * Don't forget to enable the Apply button in the Options dialog * Immediately update torrent status on moving files * Improve performance when scrolling the file list of large torrents * Don't operate on random torrents when multiple are selected and a sort/filter is applied RSS: * Fix overwriting feeds.json with an incomplete load of it - Update to version 4.5.4 Bug fixes: * Allowto disable confirmation of Pause/Resume All * Sync flag icons with upstream Web UI: * Fix category save path - Update to version 4.5.3 Bug fixes: * Correctly check if database needs to be updated * Prevent incorrect log message about torrent content deletion * Improve finished torrent handling * Correctly initialize group box children as disabled in Preferences * Don't miss saving "download path" in SQLite storage * Improve logging of running external program Web UI: * Disable UPnP for web UI by default * Use workaround for IOS file picker * Work around Chrome download limit * Improve 'exporting torrent' behavior - Update to version 4.5.2 Bug fixes: * Don't unexpectedly activate queued torrents when prefetching metadata for added magnets * Update the cached torrent state once recheck is started * Be more likely to allow the system to use power saving modes Web UI: * Migrate away from unsafe function * Blacklist bad ciphers for TLS in the server * Allow only TLS 1.2+ in the server * Allow to set read-only directory as torrent location * Reject requests that contain backslash in path RSS: * Prevent RSS folder from being moved into itself - Update to version 4.5.1 New features: * Re-allow to use icons from system theme Bug fixes: * Fix Speed limit icon size * Revise and fix some text colors * Correctly load folder based UI theme * Fix crash due to invalid encoding of tracker URLs * Don't drop !qB extension when renaming incomplete file * Correctly count the number of torrents in subcategories * Use "additional trackers" when metadata retrieving * Apply correct tab order to Category options dialog * Add all torrents passed via the command line * Fix startup performance on Qt5 * Automatic move will now overwrite existing files * Some fixes for loading Chinese locales *New Pause icon color for toolbar/menu * Adjust env variable for PDB discovery Web UI: * Fix missing "queued" icon * Return paths using platform-independent separator format * Change order of accepted types of file input * Add missing icons * Add "Resume data storage type" option * Make rename file dialog resizable * Prevent incorrect line breaking * Improve hotkeys * Remove suggestions while searching for torrents * Expose "IS PRIVATE" flag * Return name/hash/infohash_v1/infohash_v2 torrent properties Other: * Fix tray icon issues - Update to version 4.5.0 New features: * Add `Auto resize columns` functionality * Allow to use Category paths in `Manual` mode * Allow to disable Automatic mode when default "temp" path changed * Add tuning options related to performance warnings * Add right click menu for status filters * Allow setting the number of maximum active checking torrents * Add option to toggle filters sidebar * Allow to set `working set limit` on non-Windows OS * Add `Export .torrent` action * Add keyboard navigation keys * Allow to use POSIX-compliant disk IO type * Add `Filter files` field in new torrent dialog * Implement new icon/color theme * Add file name filter/blacklist * Add support for custom SMTP ports * Split the OS cache settings into Disk IO read/write modes * When duplicate torrent is added set metadata to existing one * Greatly improve startup time with many torrents * Add keyboard shortcut to Download URL dialog * Add ability to run external program on torrent added * Add infohash and download path columns * Allow to set torrent stop condition * Add a `Moving` status filter * Change color palettes for both dark, light themes * Add a `Use proxy for hostname lookup` option * Introduce a `change listen port` cmd option * Implement `Peer ID Client` column for `Peers` tab * Add port forwarding option for embedded tracker Bug fixes: * Store hybrid torrents using `torrent ID` as basename * Enable Combobox editor for the `Mixed` file download priority * Allow shortcut folders for the Open and Save directory dialogs * Rename content tab `Size` column to `Total Size` * Fix scrolling to the lowermost visible torrent * Allow changing file priorities for finished torrents * Focus save path when Manual mode is selected initially * Disable force reannounce when it is not possible * Add horizontal scrolling for tracker list and torrent content * Enlarge "speed limits" icons * Change Downloaded to Times Downloaded in trackers tab * Remove artificial max limits from `Torrent Queueing` related options * Preserve `skip hash check` when there is no metadata * Fix DHT/PeX/LSD status when it is globally disabled * Fix rate calculation when interval is too low * Add tooltip message when system tray icon isn't available * Improve sender field in mail notifications * Fix "Add torrent dialog" spill-over on smaller screens * Fix peer count issue when tracker responds with zero figure * Don't merge trackers by default * Don't inhibit system sleep/auto shutdown for torrents stuck at downloading metadata * Allow to pause a checking torrent from context menu * Allow to use subnet notation in reverse proxy list * Fine tune translations loading for Chinese locales * Fix torrent content checkboxes not updated properly * Correctly load state of `Use another path for incomplete torrents` in Watched folders * Add confirmation to resume/pause all * Fix wrong count of errored trackers WebUI: * Allow blank lines in multipart form-data input * Make various dialogs resizable * Fix wrong v2 hash string displayed * WebAPI: return correct status * Fix empty selection in language combobox * Store WebUI port settingin human readable number * Add support for exporting .torrent * WebAPI: Add endpoint to set speed limit mode * Improve progress bar rendering * Add transfer list refresh interval settings * Use natural sort * Apply i18n translation only to built-in WebUI * Alert when HTTPS settings are incomplete * Handle drag and drop events * Fix wrong behavior for shutdown action * Don't disable combobox for file priority RSS: * Increase limit of maximum number of articles per feed Other: * Mark as single window app in .desktop file * Add Dockerfile * Remove option of using icons from system theme - Update to version 4.4.5 Bug fixes: * Fix missing trackers when adding magnet link. Affects libtorrent 2.0.x builds. - Update to version 4.4.4. * Improve D-Bus notifications handling Bug fixes: * Correctly handle data decompression with Qt 6.3 * Fix wrong file names displayed in tooltip * Fix incorrect "max outgoing port" setting * Make working set limit available only on libtorrent 2.0.x builds * Try to recover missing tags RSS: * Clear RSS parsing error after use Web API: * Set HTTP method restriction on WebAPI actions - Update to version 4.4.3.1 Bug fixes: * Fix broken translations - Update to version 4.4.3 Bug fixes: * Correctly handle changing of temp save path * Fix storage in SQLite * Correctly apply content layout when "Skip hash check" is enabled * Don't corrupt IDs of v2 torrents * Reduce the number of hashing threads by default (improves hashing speed on HDDs) * Prevent the "update dialog" from blocking input on other windows * Add trackers in exported .torrent files * Fix wrong GUI behavior in "Optional IP address to bind to" setting Web UI: * Fix WebUI crash due to missing tags from config * Show correct location path Patch Instructions: To install thisopenSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP5: zypper in -t patch openSUSE-2023-391=1 - openSUSE Backports SLE-15-SP4: zypper in -t patch openSUSE-2023-391=1 Package List: - openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64): libtorrent-rasterbar-debuginfo-2.0.9-bp155.2.3.1 libtorrent-rasterbar-debugsource-2.0.9-bp155.2.3.1 libtorrent-rasterbar-devel-2.0.9-bp155.2.3.1 libtorrent-rasterbar2_0-2.0.9-bp155.2.3.1 libtorrent-rasterbar2_0-debuginfo-2.0.9-bp155.2.3.1 python3-libtorrent-rasterbar-2.0.9-bp155.2.3.1 python3-libtorrent-rasterbar-debuginfo-2.0.9-bp155.2.3.1 - openSUSE Backports SLE-15-SP5 (aarch64 ppc64le s390x x86_64): qbittorrent-4.6.2-bp155.2.3.1 qbittorrent-debuginfo-4.6.2-bp155.2.3.1 qbittorrent-debugsource-4.6.2-bp155.2.3.1 qbittorrent-nox-4.6.2-bp155.2.3.1 qbittorrent-nox-debuginfo-4.6.2-bp155.2.3.1 - openSUSE Backports SLE-15-SP5 (noarch): libtorrent-rasterbar-doc-2.0.9-bp155.2.3.1 - openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64): libtorrent-rasterbar-devel-2.0.9-bp154.3.3.1 libtorrent-rasterbar2_0-2.0.9-bp154.3.3.1 python3-libtorrent-rasterbar-2.0.9-bp154.3.3.1 qbittorrent-4.6.2-bp154.3.3.1 qbittorrent-debuginfo-4.6.2-bp154.3.3.1 qbittorrent-debugsource-4.6.2-bp154.3.3.1 qbittorrent-nox-4.6.2-bp154.3.3.1 qbittorrent-nox-debuginfo-4.6.2-bp154.3.3.1 - openSUSE Backports SLE-15-SP4 (noarch): libtorrent-rasterbar-doc-2.0.9-bp154.3.3.1 References: https://www.suse.com/security/cve/CVE-2023-30801.html https://bugzilla.suse.com/1217677 . Critical update released for openSUSE addressing a libtorrent and qbittorrent flaw labeled with ID 2023:0391-1.. openSUSE Security, libtorrent fix, qbittorrent update, securitypatch, system update. . LinuxSecurity.com Team

Calendar%202 Dec 07, 2023 OpenSUSE
89

Fedora 38: 2023-185f3e8ad7 critical: default access keys in qbittorrent

- Update. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-185f3e8ad7 2023-11-30 03:33:42.162769 -------------------------------------------------------------------------------- Name : qbittorrent Product : Fedora 38 Version : 4.6.1 Release : 1.fc38 URL : https://www.qbittorrent.org Summary : A Bittorrent Client Description : A Bittorrent client using rb_libtorrent and a Qt6 Graphical User Interface. It aims to be as fast as possible and to provide multi-OS, unicode support. -------------------------------------------------------------------------------- Update Information: - Update -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 21 2023 Leigh Scott - 1:4.6.1-1 - Update to 4.6.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2250750 - qbittorrent-4.6.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2250750 [ 2 ] Bug #2251628 - CVE-2023-30801 qbittorrent: default credentials allowed by default [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2251628 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-185f3e8ad7' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . Ubuntu Security Notice concerning transmission addresses default password flaw in version 3.0.4 update.. qbittorrent update,Fedora 38,software patch. . LinuxSecurity.com Team

Calendar%202 Nov 30, 2023 Fedora
89

Fedora 39: 2023-1bbfc445a2 critical: qbittorrent default credentials

- Update. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-1bbfc445a2 2023-11-30 03:29:42.580348 -------------------------------------------------------------------------------- Name : qbittorrent Product : Fedora 39 Version : 4.6.1 Release : 1.fc39 URL : https://www.qbittorrent.org Summary : A Bittorrent Client Description : A Bittorrent client using rb_libtorrent and a Qt6 Graphical User Interface. It aims to be as fast as possible and to provide multi-OS, unicode support. -------------------------------------------------------------------------------- Update Information: - Update -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 21 2023 Leigh Scott - 1:4.6.1-1 - Update to 4.6.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2250750 - qbittorrent-4.6.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2250750 [ 2 ] Bug #2251628 - CVE-2023-30801 qbittorrent: default credentials allowed by default [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2251628 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-1bbfc445a2' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . Discover the latest Fedora version showcasing qbittorrent 4.6.1, crafted to tackle significant security vulnerabilities and enhance overall performance.. Fedora Update,qbittorrent Client,Security Patch,Linux Software Update. . LinuxSecurity.com Team

Calendar%202 Nov 30, 2023 Fedora
87

Debian: DSA-4651-1 Urgent: transmission Security Flaw Exploitation

Miguel Onoro reported that qbittorrent, a bittorrent client with a Qt5 GUI user interface, allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, which could result in remote command execution via a crafted name within an RSS feed . - ------------------------------------------------------------------------- Debian Security Advisory DSA-4650-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Salvatore Bonaccorso April 02, 2020 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : qbittorrent CVE ID : CVE-2019-13640 Debian Bug : 932539 Miguel Onoro reported that qbittorrent, a bittorrent client with a Qt5 GUI user interface, allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, which could result in remote command execution via a crafted name within an RSS feed if qbittorrent is configured to run an external program on torrent completion. For the oldstable distribution (stretch), this problem has been fixed in version 3.3.7-3+deb9u1. For the stable distribution (buster), this problem has been fixed in version 4.1.5-1+deb10u1. We recommend that you upgrade your qbittorrent packages. For the detailed security status of qbittorrent please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/qbittorrent Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Important update: Debian DSA-4650-1 fixes a critical command injection vulnerability in qbittorrent that could potentially allow for remote code execution.. qbittorrent update,debian security command injection,remote execution malware. . LinuxSecurity.com Team

Calendar%202 Apr 02, 2020 Debian
89

Fedora 29: FEDORA-2019-ce6c6de3cc Moderate: qbittorrent Update 4.1.7

Update to 4.1.7. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-ce6c6de3cc 2019-09-19 01:51:58.382510 --------------------------------------------------------------------------------Name : qbittorrent Product : Fedora 29 Version : 4.1.7 Release : 1.fc29 URL : https://www.qbittorrent.org/ Summary : A Bittorrent Client Description : A Bittorrent client using rb_libtorrent and a Qt4 Graphical User Interface. It aims to be as fast as possible and to provide multi-OS, unicode support. --------------------------------------------------------------------------------Update Information: Update to 4.1.7 --------------------------------------------------------------------------------ChangeLog: * Mon Aug 5 2019 Leigh Scott - 1:4.1.7-1 - Update to 4.1.7 - Drop unused patch * Tue May 7 2019 Leigh Scott - 1:4.1.6-1 - Update to 4.1.6 * Thu Jan 31 2019 Kalev Lember - 1:4.1.5-2 - Rebuilt for Boost 1.69 * Tue Jan 8 2019 Charalampos Stratakis - 1:4.1.5-1 - Update to 4.1.5 * Mon Oct 1 2018 Leigh Scott - 1:4.1.3-1 - Update to 4.1.3 --------------------------------------------------------------------------------References: [ 1 ] Bug #1706650 - qbittorrent-4.1.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1706650 [ 2 ] Bug #1731075 - CVE-2019-13640 qbittorrent: command injection in function Application::runExternalProgram() in app/application.cpp [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1731075 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-ce6c6de3cc' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by theFedora Project can be found at --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . A new version 4.1.7 of qbittorrent has been launched for Fedora 29, effectively tackling command injection vulnerabilities.. qbittorrent Update,Fedora Update,Software Fix,Command Injection. . LinuxSecurity.com Team

Calendar%202 Sep 18, 2019 Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":1,"type":"x","order":3,"pct":100,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200