Advisories » MGASA-2016-0234

Updated libtorrent-rasterbar packages fix security vulnerability

Publication date: 05 Jul 2016
Modification date: 05 Jul 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-5301

Description

A specially crafted HTTP response from a tracker (or potentially a UPnP
broadcast) can crash libtorrent-rasterbar in the parse_chunk_header()
function. Although this function is not present in this version,
upstream's additional sanity checks were added to abort the program if
necessary instead of crashing it (CVE-2016-5301).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=18624
• http://lwn.net/Alerts/691074/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5301

SRPMS

5/core

• libtorrent-rasterbar-0.16.18-1.2.mga5