Advisories » MGASA-2015-0428

Updated libtorrent-rasterbar packages fixes security vulnerability

Publication date: 05 Nov 2015
Modification date: 05 Nov 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-5685

Description

The lazy_bdecode function in BitTorrent DHT bootstrap server
(bootstrap-dht ) allows remote attackers to execute arbitrary code via a
crafted packet, related to "improper indexing." Note while this CVE was
reported against BitTorrent DHT Bootstrapt server, the same vulnerable
code is available in libtorrent-rasterbar (CVE-2015-5685).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16795
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797046
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5685

SRPMS

5/core

• libtorrent-rasterbar-0.16.18-1.1.mga5