openSUSE 15 Security Update : libtorrent-rasterbar, qbittorrent (openSUSE-SU-2023:0391-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2023:0391-1 advisory. - All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to...

Debian: Security Advisory (DLA-511-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-312-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-4790-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2016-0234)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2014-0364)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2016-0320)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-4790-1: libtorrent vulnerability

It was discovered that libtorrent incorrectly handled chunked headers. A remote attacker could possibly use this to cause a crash resulting in a denial of service...

openSUSE: Security Advisory for deluge (openSUSE-SU-2017:1497-1)

The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE Security Update : deluge (openSUSE-2017-656)

This update for deluge fixes two security issues : - CVE-2017-9031: A remote attacker may have used a directory traversal vulnerability in the web interface bsc1039815 - CVE-2017-7178: A remote attacher could have exploited a CSRF vulnerability to trick a logged-in user to perform actions in the...

Applications using libtorrent-rasterbar are vulnerable to denial of service

Applications using libtorrent-rasterbar are vulnerable to denial of service. An attacker-controlled torrent tracker can crash victim torrent clients by sending malformed GZIP responses CVE-2016-7164...

openSUSE Security Update : libtorrent-rasterbar (openSUSE-2016-1074)

This update for libtorrent-rasterbar fixes the following issues : - Update to version 1.0.10 : - Fix inverted priority of incoming piece suggestions. - Fix a crash on invalid input in httpparser. - Add a new 'preformatted' type to bencode entry variant type. - Fix division by zero in super-seedin...

libtorrent-rasterbar: denial of service

A bug has been found in the libtorrent-rasterbar code handling GZIP-encoded responses from a tracker, where malformed responses could lead to a crash...

FreeBSD : libtorrent-rasterbar -- denial of service (093584f2-3f14-11e6-b3c8-14dae9d210b8)

Brandon Perry reports : The parsechunkheader function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service crash via a crafted 1 HTTP response or possibly a 2 UPnP broadcast. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...

openSUSE Security Update : libtorrent-rasterbar (openSUSE-2016-774)

This update for libtorrent-rasterbar fixes the following issues : - CVE-2016-5301: Crash on invalid input in httpparser could have allowed a remote attacker to perform a denial of service attack boo983228. In addition, the package was updated to 1.0.9 / 1.16.19, fixing various upstream bugs...

openSUSE Security Update : libtorrent-rasterbar (openSUSE-2016-751)

This update for libtorrent-rasterbar fixes the following issues : - CVE-2016-5301: Crash on invalid input in httpparser could have allowed a remote attacker to perform a denial of service attack boo983228. In addition, the package was updated to 1.0.9 / 1.16.19, fixing various upstream bugs...

Debian DLA-511-1 : libtorrent-rasterbar security update

A specially crafted HTTP response from a tracker or potentially a UPnP broadcast can crash libtorrent in the parsechunkheader function. Although this function is not present in this version, upstream's additional sanity checks were added to abort the program if necessary instead of crashing it. F...

[SECURITY] [DLA 511-1] libtorrent-rasterbar security update

Package : libtorrent-rasterbar Version : 0.15.10-1+deb7u1 CVE ID : CVE-2016-5301 Debian Bug : 826380 A specially crafted HTTP response from a tracker or potentially a UPnP broadcast can crash libtorrent in the parsechunkheader function. Although this function is not present in this version,...

DLA-511-1 libtorrent-rasterbar - security update

Bulletin has no description...

libtorrent-rasterbar -- denial of service

Brandon Perry reports: The parsechunkheader function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service crash via a crafted 1 HTTP response or possibly a 2 UPnP broadcast...