Advisories » MGASA-2017-0449

Updated deluge packages fix security vulnerability

Publication date: 16 Dec 2017
Modification date: 16 Dec 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-9031

Description

The WebUI component in Deluge before 1.3.15 contains a directory traversal
vulnerability involving a request in which the name of the render file is
not associated with any template file(CVE-2017-9031).

Updated deluge package adds systemd services required to autostart deluge
daemon and web services. Note that these services not enabled by default.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20895
• http://openwall.com/lists/oss-security/2017/05/18/9
• https://www.debian.org/security/2017/dsa-3856
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9031

SRPMS

5/core

• deluge-1.3.11-1.3.mga5