Explore top 10 tips to secure your open-source projects now. Read More
×An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for transmission ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0237-1 Rating: moderate References: #1267404 Cross-References: CVE-2026-38978 Affected Products: openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for transmission fixes the following issues: - CVE-2026-38978: add clickjack safeguards when serving http responses (boo#1267404). - Update to 4.0.6: + Improved parsing HTTP tracker announce response. (#6223) + Fixed 4.0.0 bug that caused some user scripts to have an invalid TR_TORRENT_TRACKERS environment variable. (#6434) + Fixed 4.0.0 bug where alt-speed-enabled had no effect in settings.json. (#6483) + Fixed 4.0.0 bug where the GTK client's "Use authentication" option was not saved between's sessions. (#6514) + Fixed 4.0.0 bug where the filename for single-file torrents aren't sanitized. (#6846) + Fixed 4.0.0 bug where piece size description text and slider state in torrent creation dialog are not always up-to-date. + Fixed build when compiling with GTKMM 4. (#6393) + Added the launchable desktop-id to metainfo files. (#6779) + Fixed build when compiling on BSD. (#6812) + Fixed a 4.0.0 bug where the infinite ratio symbol was displayed incorrectly in the WebUI. (#6491, #6500) + Fixed layout issue in speed display. (#6570) + General UI improvement related to filterbar and fixes download/upload speed info wrap. (#6761) + Fixed a couple of logging issues. (#6463) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypperpatch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2026-237=1 Package List: - openSUSE Backports SLE-15-SP7 (aarch64 ppc64le s390x x86_64): transmission-4.0.6-bp157.2.3.1 transmission-daemon-4.0.6-bp157.2.3.1 transmission-gtk-4.0.6-bp157.2.3.1 transmission-qt-4.0.6-bp157.2.3.1 - openSUSE Backports SLE-15-SP7 (noarch): system-user-transmission-4.0.6-bp157.2.3.1 transmission-common-4.0.6-bp157.2.3.1 transmission-gtk-lang-4.0.6-bp157.2.3.1 transmission-qt-lang-4.0.6-bp157.2.3.1 References: https://www.suse.com/security/cve/CVE-2026-38978.html https://bugzilla.suse.com/1267404 . Transmission update for openSUSE resolves CVE-2026-38978, enhancing security against clickjacking attacks.. opensuse security update, transmission update, CVE-2026-38978, clickjack safeguards, moderate severity advisory. . Severity: moderate. LinuxSecurity.com Team
An update that solves one vulnerability and has one bug fix can now be installed.. openSUSE security update: security update for transmission ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21189-1 Rating: moderate References: * bsc#1267404 Cross-References: * CVE-2026-38978 Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves one vulnerability and has one bug fix can now be installed. Description: This update for transmission fixes the following issues: Changes in transmission: - CVE-2026-38978: add clickjack safeguards when serving http responses (bsc#1267404). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-packagehub-384=1 Package List: - openSUSE Leap 16.0: system-user-transmission-4.0.6-bp160.2.1 transmission-4.0.6-bp160.2.1 transmission-common-4.0.6-bp160.2.1 transmission-daemon-4.0.6-bp160.2.1 transmission-gtk-4.0.6-bp160.2.1 transmission-gtk-lang-4.0.6-bp160.2.1 transmission-qt-4.0.6-bp160.2.1 transmission-qt-lang-4.0.6-bp160.2.1 References: * https://www.suse.com/security/cve/CVE-2026-38978.html . Transmission update for openSUSE Leap 16.0 fixes a moderate vulnerability and includes a bug fix. Install it now!. openSUSE, transmission update, CVE-2026-38978. . Severity: moderate. LinuxSecurity.com Team
Fixed a CORS bug that leaked the anti-CSRF nonce. (#8938) Fixed a use-after-free bug in peer code. (#8921) Fixed build error when compiling with fmt 12.2.0. (#8942). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-0c067e5040 2026-07-02 01:05:29.984018+00:00 -------------------------------------------------------------------------------- Name : transmission Product : Fedora 44 Version : 4.1.3 Release : 1.fc44 URL : http://www.transmissionbt.com Summary : A lightweight GTK+ BitTorrent client Description : Transmission is a free, lightweight BitTorrent client. It features a simple, intuitive interface on top on an efficient, cross-platform back-end. -------------------------------------------------------------------------------- Update Information: Fixed a CORS bug that leaked the anti-CSRF nonce. (#8938) Fixed a use-after-free bug in peer code. (#8921) Fixed build error when compiling with fmt 12.2.0. (#8942) -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 30 2026 Gwyn Ciesla - 4.1.3-1 - 4.1.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2494743 - transmission-4.1.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2494743 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-0c067e5040' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Transmission could allow unintended actions if a user visited a malicious website.. ========================================================================== Ubuntu Security Notice USN-8404-1 June 08, 2026 transmission vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Transmission could allow unintended actions if a user visited a malicious website. Software Description: - transmission: lightweight BitTorrent client Details: It was discovered that Transmission had a clickjacking weakness in the browser-facing WebUI and RPC response paths. An attacker could possibly use this issue to trick users into performing unintended actions. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS transmission 4.1.1+dfsg-1ubuntu1.1 transmission-daemon 4.1.1+dfsg-1ubuntu1.1 Ubuntu 25.10 transmission 4.1.0~beta2+dfsg-3ubuntu1.1 transmission-daemon 4.1.0~beta2+dfsg-3ubuntu1.1 Ubuntu 24.04 LTS transmission 4.0.5-1ubuntu0.1 transmission-daemon 4.0.5-1ubuntu0.1 Ubuntu 22.04 LTS transmission 3.00-2ubuntu2.2 transmission-daemon 3.00-2ubuntu2.2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8404-1 CVE-2026-38978 Package Information: https://launchpad.net/ubuntu/+source/transmission/4.1.1+dfsg-1ubuntu1.1 https://launchpad.net/ubuntu/+source/transmission/4.1.0~beta2+dfsg-3ubuntu1.1 https://launchpad.net/ubuntu/+source/transmission/4.0.5-1ubuntu0.1 https://launchpad.net/ubuntu/+source/transmission/3.00-2ubuntu2.2 . Transmission has a clickjacking flaw; users could be tricked into unintended actions.. Ubuntu TransmissionClickjacking Update. . Severity: Important. LinuxSecurity.com Team
Transmission could allow unintended actions if a user visited a malicious website.. ========================================================================== Ubuntu Security Notice USN-8404-1 June 08, 2026 transmission vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Transmission could allow unintended actions if a user visited a malicious website. Software Description: - transmission: lightweight BitTorrent client Details: It was discovered that Transmission had a clickjacking weakness in the browser-facing WebUI and RPC response paths. An attacker could possibly use this issue to trick users into performing unintended actions. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS transmission 4.1.1+dfsg-1ubuntu1.1 transmission-daemon 4.1.1+dfsg-1ubuntu1.1 Ubuntu 25.10 transmission 4.1.0~beta2+dfsg-3ubuntu1.1 transmission-daemon 4.1.0~beta2+dfsg-3ubuntu1.1 Ubuntu 24.04 LTS transmission 4.0.5-1ubuntu0.1 transmission-daemon 4.0.5-1ubuntu0.1 Ubuntu 22.04 LTS transmission 3.00-2ubuntu2.2 transmission-daemon 3.00-2ubuntu2.2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8404-1 CVE-2026-38978 Package Information: https://launchpad.net/ubuntu/+source/transmission/4.1.1+dfsg-1ubuntu1.1 https://launchpad.net/ubuntu/+source/transmission/4.1.0~beta2+dfsg-3ubuntu1.1 https://launchpad.net/ubuntu/+source/transmission/4.0.5-1ubuntu0.1 https://launchpad.net/ubuntu/+source/transmission/3.00-2ubuntu2.2 . Transmission in Ubuntu exposes users to clickjacking attacks; updates are essential for vulnerability mitigation..Ubuntu Transmission Clickjacking Attack Update. . Severity: Important. LinuxSecurity.com Team
4.1.2, fix for CVE-2026-38978. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-c032fac814 2026-06-05 04:25:00.359120+00:00 -------------------------------------------------------------------------------- Name : transmission Product : Fedora 44 Version : 4.1.2 Release : 1.fc44 URL : http://www.transmissionbt.com Summary : A lightweight GTK+ BitTorrent client Description : Transmission is a free, lightweight BitTorrent client. It features a simple, intuitive interface on top on an efficient, cross-platform back-end. -------------------------------------------------------------------------------- Update Information: 4.1.2, fix for CVE-2026-38978 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 3 2026 Gwyn Ciesla - 4.1.2-1 - 4.1.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2483871 - transmission-4.1.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2483871 [ 2 ] Bug #2484367 - CVE-2026-38978 transmission: Transmission: Clickjacking weakness in WebUI and RPC response paths [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2484367 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-c032fac814' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list
4.1.2, fix for CVE-2026-38978. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-893c99f61c 2026-06-05 04:07:33.980067+00:00 -------------------------------------------------------------------------------- Name : transmission Product : Fedora 43 Version : 4.1.2 Release : 1.fc43 URL : http://www.transmissionbt.com Summary : A lightweight GTK+ BitTorrent client Description : Transmission is a free, lightweight BitTorrent client. It features a simple, intuitive interface on top on an efficient, cross-platform back-end. -------------------------------------------------------------------------------- Update Information: 4.1.2, fix for CVE-2026-38978 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 3 2026 Gwyn Ciesla - 4.1.2-1 - 4.1.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2483871 - transmission-4.1.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2483871 [ 2 ] Bug #2484367 - CVE-2026-38978 transmission: Transmission: Clickjacking weakness in WebUI and RPC response paths [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2484367 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-893c99f61c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list
4.1.2, fix for CVE-2026-38978. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-c032fac814 2026-06-05 04:25:00.359120+00:00 -------------------------------------------------------------------------------- Name : transmission Product : Fedora 44 Version : 4.1.2 Release : 1.fc44 URL : http://www.transmissionbt.com Summary : A lightweight GTK+ BitTorrent client Description : Transmission is a free, lightweight BitTorrent client. It features a simple, intuitive interface on top on an efficient, cross-platform back-end. -------------------------------------------------------------------------------- Update Information: 4.1.2, fix for CVE-2026-38978 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 3 2026 Gwyn Ciesla - 4.1.2-1 - 4.1.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2483871 - transmission-4.1.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2483871 [ 2 ] Bug #2484367 - CVE-2026-38978 transmission: Transmission: Clickjacking weakness in WebUI and RPC response paths [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2484367 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-c032fac814' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list
Get the latest Linux and open source security news straight to your inbox.