[SECURITY] [DLA 2218-1] transmission security update

2020-05-2417:34:54

lists.debian.org

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.011

Percentile

84.2%

JSON

Package : transmission
Version : 2.84-0.2+deb8u2
CVE ID : CVE-2018-10756

Tom Richards reported that by using a crafted torrent file one could cause
a use-after-free, which might result in a denial of service (crash) or
possible execution of arbitrary code.

For Debian 8 "Jessie", this problem has been fixed in version
2.84-0.2+deb8u2.

We recommend that you upgrade your transmission packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian9i386transmission-cli< 2.92-2+deb9u2transmission-cli_2.92-2+deb9u2_i386.deb
Debian10s390xtransmission-cli< 2.94-2+deb10u1transmission-cli_2.94-2+deb10u1_s390x.deb
Debian10s390xtransmission-cli-dbgsym< 2.94-2+deb10u1transmission-cli-dbgsym_2.94-2+deb10u1_s390x.deb
Debian9armeltransmission-gtk< 2.92-2+deb9u2transmission-gtk_2.92-2+deb9u2_armel.deb
Debian8armeltransmission-gtk< 2.84-0.2+deb8u2transmission-gtk_2.84-0.2+deb8u2_armel.deb
Debian8i386transmission-cli< 2.84-0.2+deb8u2transmission-cli_2.84-0.2+deb8u2_i386.deb
Debian8armeltransmission-daemon< 2.84-0.2+deb8u2transmission-daemon_2.84-0.2+deb8u2_armel.deb
Debian10mipseltransmission-gtk< 2.94-2+deb10u1transmission-gtk_2.94-2+deb10u1_mipsel.deb
Debian10mips64eltransmission-cli-dbgsym< 2.94-2+deb10u1transmission-cli-dbgsym_2.94-2+deb10u1_mips64el.deb
Debian9arm64transmission-qt< 2.92-2+deb9u2transmission-qt_2.92-2+deb9u2_arm64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	i386	transmission-cli	< 2.92-2+deb9u2	transmission-cli_2.92-2+deb9u2_i386.deb
Debian	10	s390x	transmission-cli	< 2.94-2+deb10u1	transmission-cli_2.94-2+deb10u1_s390x.deb
Debian	10	s390x	transmission-cli-dbgsym	< 2.94-2+deb10u1	transmission-cli-dbgsym_2.94-2+deb10u1_s390x.deb
Debian	9	armel	transmission-gtk	< 2.92-2+deb9u2	transmission-gtk_2.92-2+deb9u2_armel.deb
Debian	8	armel	transmission-gtk	< 2.84-0.2+deb8u2	transmission-gtk_2.84-0.2+deb8u2_armel.deb
Debian	8	i386	transmission-cli	< 2.84-0.2+deb8u2	transmission-cli_2.84-0.2+deb8u2_i386.deb
Debian	8	armel	transmission-daemon	< 2.84-0.2+deb8u2	transmission-daemon_2.84-0.2+deb8u2_armel.deb
Debian	10	mipsel	transmission-gtk	< 2.94-2+deb10u1	transmission-gtk_2.94-2+deb10u1_mipsel.deb
Debian	10	mips64el	transmission-cli-dbgsym	< 2.94-2+deb10u1	transmission-cli-dbgsym_2.94-2+deb10u1_mips64el.deb
Debian	9	arm64	transmission-qt	< 2.92-2+deb9u2	transmission-qt_2.92-2+deb9u2_arm64.deb