| |||||||||||||
Slackware alert SSA:2007-093-02 (ktorrent)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] ktorrent (SSA:2007-093-02) New ktorrent packages are available for Slackware 11.0 and -current to fix security issues. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1385 Here are the details from the Slackware 11.0 ChangeLog: +--------------------------+ patches/packages/ktorrent-2.1.3-i486-1_slack11.0.tgz: Upgraded to ktorrent-2.1.3. A directory traversal vulnerability in torrent.cpp in versions < 2.1.2 may allow remote attackers to overwrite the ktorrent user's files. A bug in chunkcounter.cpp in versions < 2.1.2 allows remote attackers to crash ktorrent and cause heap corruption by the use of an invalid idx value. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1385 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading from ftp.slackware.com. Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating additional FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 11.0: ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patc... Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/e... MD5 signatures: +-------------+ Slackware 11.0 package: 1917c267334e4b90ab04c58b1f2ff338 ktorrent-2.1.3-i486-1_slack11.0.tgz Slackware -current package: 64c4d3bf516aebe96b6591ab75c2aeb9 ktorrent-2.1.3-i486-1.tgz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg ktorrent-2.1.3-i486-1_slack11.0.tgz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGEroCakRjwEAQIjMRAgysAJ4tvNC0z7sEBgmUSZNvN+fdwus2hQCffJ3z SziSDsKFDhjEsSH4LkiwteU= =FwV5 -----END PGP SIGNATURE----- (Log in to post comments)
|
|||||||||||||