Transmission: Multiple vulnerabilities

2010-06-01T00:00:00
ID GLSA-201006-06
Type gentoo
Reporter Gentoo Foundation
Modified 2010-06-01T00:00:00

Description

Background

Transmission is a cross-platform BitTorrent client.

Description

Multiple stack-based buffer overflows in the tr_magnetParse() function in libtransmission/magnet.c have been discovered.

Impact

A remote attacker could cause a Denial of Service or possibly execute arbitrary code via a crafted magnet URL with a large number of tr or ws links.

Workaround

There is no known workaround at this time.

Resolution

All Transmission users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-p2p/transmission-1.92"