[SECURITY] [DLA 511-1] libtorrent-rasterbar security update

2016-06-1108:20:00

lists.debian.org

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.7 High

AI Score

Confidence

High

0.024 Low

EPSS

Percentile

90.0%

JSON

Package : libtorrent-rasterbar
Version : 0.15.10-1+deb7u1
CVE ID : CVE-2016-5301
Debian Bug : 826380

A specially crafted HTTP response from a tracker (or potentially a UPnP
broadcast) can crash libtorrent in the parse_chunk_header() function.
Although this function is not present in this version, upstream's
additional sanity checks were added to abort the program if necessary
instead of crashing it.

For Debian 7 "Wheezy", these problems have been fixed in version
0.15.10-1+deb7u1.

We recommend that you upgrade your libtorrent-rasterbar packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian7armhfpython-libtorrent-dbg< 0.15.10-1+deb7u1python-libtorrent-dbg_0.15.10-1+deb7u1_armhf.deb
Debian7i386libtorrent-rasterbar-dbg< 0.15.10-1+deb7u1libtorrent-rasterbar-dbg_0.15.10-1+deb7u1_i386.deb
Debian7i386libtorrent-rasterbar6< 0.15.10-1+deb7u1libtorrent-rasterbar6_0.15.10-1+deb7u1_i386.deb
Debian7armhflibtorrent-rasterbar-dbg< 0.15.10-1+deb7u1libtorrent-rasterbar-dbg_0.15.10-1+deb7u1_armhf.deb
Debian7armellibtorrent-rasterbar-dev< 0.15.10-1+deb7u1libtorrent-rasterbar-dev_0.15.10-1+deb7u1_armel.deb
Debian7armelpython-libtorrent< 0.15.10-1+deb7u1python-libtorrent_0.15.10-1+deb7u1_armel.deb
Debian7armellibtorrent-rasterbar-dbg< 0.15.10-1+deb7u1libtorrent-rasterbar-dbg_0.15.10-1+deb7u1_armel.deb
Debian7armhflibtorrent-rasterbar-dev< 0.15.10-1+deb7u1libtorrent-rasterbar-dev_0.15.10-1+deb7u1_armhf.deb
Debian7i386python-libtorrent< 0.15.10-1+deb7u1python-libtorrent_0.15.10-1+deb7u1_i386.deb
Debian7alllibtorrent-rasterbar-doc< 0.15.10-1+deb7u1libtorrent-rasterbar-doc_0.15.10-1+deb7u1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	armhf	python-libtorrent-dbg	< 0.15.10-1+deb7u1	python-libtorrent-dbg_0.15.10-1+deb7u1_armhf.deb
Debian	7	i386	libtorrent-rasterbar-dbg	< 0.15.10-1+deb7u1	libtorrent-rasterbar-dbg_0.15.10-1+deb7u1_i386.deb
Debian	7	i386	libtorrent-rasterbar6	< 0.15.10-1+deb7u1	libtorrent-rasterbar6_0.15.10-1+deb7u1_i386.deb
Debian	7	armhf	libtorrent-rasterbar-dbg	< 0.15.10-1+deb7u1	libtorrent-rasterbar-dbg_0.15.10-1+deb7u1_armhf.deb
Debian	7	armel	libtorrent-rasterbar-dev	< 0.15.10-1+deb7u1	libtorrent-rasterbar-dev_0.15.10-1+deb7u1_armel.deb
Debian	7	armel	python-libtorrent	< 0.15.10-1+deb7u1	python-libtorrent_0.15.10-1+deb7u1_armel.deb
Debian	7	armel	libtorrent-rasterbar-dbg	< 0.15.10-1+deb7u1	libtorrent-rasterbar-dbg_0.15.10-1+deb7u1_armel.deb
Debian	7	armhf	libtorrent-rasterbar-dev	< 0.15.10-1+deb7u1	libtorrent-rasterbar-dev_0.15.10-1+deb7u1_armhf.deb
Debian	7	i386	python-libtorrent	< 0.15.10-1+deb7u1	python-libtorrent_0.15.10-1+deb7u1_i386.deb
Debian	7	all	libtorrent-rasterbar-doc	< 0.15.10-1+deb7u1	libtorrent-rasterbar-doc_0.15.10-1+deb7u1_all.deb