Advisories » MGASA-2016-0320

Applications using libtorrent-rasterbar are vulnerable to denial of service

Publication date: 25 Sep 2016
Modification date: 25 Sep 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-7164

Description

Applications using libtorrent-rasterbar are vulnerable to denial of service.
An attacker-controlled torrent tracker can crash victim torrent clients by
sending malformed GZIP responses (CVE-2016-7164).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=19313
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7164
• http://www.openwall.com/lists/oss-security/2016/09/08/7
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7164

SRPMS

5/core

• libtorrent-rasterbar-0.16.18-1.3.mga5