Transmission: Multiple vulnerabilities — GLSA 201006-06

Stack-based buffer overflows in Transmission may allow for remote execution of arbitrary code.

Affected Packages

net-p2p/transmission on all architectures
Affected versions < 1.92
Unaffected versions >= 1.92

Background

Transmission is a cross-platform BitTorrent client.

Description

Multiple stack-based buffer overflows in the tr_magnetParse() function in libtransmission/magnet.c have been discovered.

Impact

A remote attacker could cause a Denial of Service or possibly execute arbitrary code via a crafted magnet URL with a large number of tr or ws links.

Workaround

There is no known workaround at this time.

Resolution

All Transmission users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-p2p/transmission-1.92"

References

Release Date
June 01, 2010

Latest Revision
June 01, 2010: 01

Severity
normal

Exploitable
remote

Bugzilla entries