Bug 9180

Summary: transmission new security issue CVE-2012-6129
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: davidwhodgins, sysadmin-bugs, tmb
Version: 2Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/539878/
Whiteboard: MGA2-64-OK MGA2-32-OK
Source RPM: transmission-2.51-1.2.mga2.src.rpm CVE:
Status comment:

Description David Walser 2013-02-25 20:00:45 CET 
Ubuntu has issued an advisory today (February 25):
http://www.ubuntu.com/usn/usn-1747-1/

Cauldron is not affected as it's fixed in the latest version, which we have.

Patched package uploaded for Mageia 2.

Advisory:
========================

Updated transmission packages fix security vulnerability:

It was discovered that Transmission incorrectly handled certain micro
transport protocol packets. A remote attacker could use this issue to cause
a denial of service, or possibly execute arbitrary code (CVE-2012-6129).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6129
http://www.ubuntu.com/usn/usn-1747-1/
========================

Updated packages in core/updates_testing:
========================
transmission-common-2.51-1.3.mga2
transmission-cli-2.51-1.3.mga2
transmission-gtk-2.51-1.3.mga2
transmission-qt4-2.51-1.3.mga2
transmission-daemon-2.51-1.3.mga2

from transmission-2.51-1.3.mga2.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 Dave Hodgins 2013-02-27 02:49:21 CET 
No poc, so just testing that tranmission-daemon, qt, etc work.

Testing complete on Mageia 2 i586 and x86_64.

Could someone from the sysadmin team push the srpm
transmission-2.51-1.3.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates.

Advisory: Updated transmission packages fix security vulnerability:

It was discovered that Transmission incorrectly handled certain micro
transport protocol packets. A remote attacker could use this issue to cause
a denial of service, or possibly execute arbitrary code (CVE-2012-6129).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6129
http://www.ubuntu.com/usn/usn-1747-1/
https://bugs.mageia.org/show_bug.cgi?id=9180

Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
Whiteboard: (none) => MGA2-64-OK MGA2-32-OK

Comment 2 Thomas Backlund 2013-02-27 22:13:59 CET 
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0074

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED