MDVSA-2009:139

Package name

libtorrent-rasterbar

Date

2009-06-24

Advisory ID

MDVSA-2009:139

Affected versions

2009.1 i586 , 2009.1 x86_64

Problem description

A security vulnerability has been identified and corrected in
libtorrent-rasterbar:

Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar
libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge
Torrent, and other applications, allows remote attackers to create
or overwrite arbitrary files via a .. (dot dot) and partial relative
pathname in a Multiple File Mode list element in a .torrent file
(CVE-2009-1760).

The updated packages have been patched to prevent this.

Updated packages

2009.1 i586

 018c83239c8d6d257e8f722abaf73ac4  2009.1/i586/libtorrent-rasterbar1-0.14.1-4.1mdv2009.1.i586.rpm
 af514bb4fd8ff292d769ee200d1ca5f7  2009.1/i586/libtorrent-rasterbar-devel-0.14.1-4.1mdv2009.1.i586.rpm
 26ef9d0a438bb34e12c301d25682c7c5  2009.1/i586/python-libtorrent-rasterbar-0.14.1-4.1mdv2009.1.i586.rpm 
 be0c5e47f7a9205785bea2cb8e879c77  2009.1/SRPMS/libtorrent-rasterbar-0.14.1-4.1mdv2009.1.src.rpm

2009.1 x86_64

 0d5fd577ea535f7f440f11b172d2a5f3  2009.1/x86_64/lib64torrent-rasterbar1-0.14.1-4.1mdv2009.1.x86_64.rpm
 ddd105e9179360e4c6c5fb77cc2635db  2009.1/x86_64/lib64torrent-rasterbar-devel-0.14.1-4.1mdv2009.1.x86_64.rpm
 bd3517f878999688492af5e93080df93  2009.1/x86_64/python-libtorrent-rasterbar-0.14.1-4.1mdv2009.1.x86_64.rpm 
 be0c5e47f7a9205785bea2cb8e879c77  2009.1/SRPMS/libtorrent-rasterbar-0.14.1-4.1mdv2009.1.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1760