Stack-based buffer overflows in Transmission may allow for remote execution of arbitrary code.
|Package||net-p2p/transmission on all architectures|
|Affected versions||< 1.92|
|Unaffected versions||>= 1.92|
Transmission is a cross-platform BitTorrent client.
Multiple stack-based buffer overflows in the tr_magnetParse() function in libtransmission/magnet.c have been discovered.
A remote attacker could cause a Denial of Service or possibly execute arbitrary code via a crafted magnet URL with a large number of tr or ws links.
There is no known workaround at this time.
All Transmission users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-p2p/transmission-1.92"
June 01, 2010
June 01, 2010: 01