A security issue was reported and fixed upstream in libtorrent-rasterbar: http://openwall.com/lists/oss-security/2016/06/04/9 The fix in the 1.0 branch is here: https://github.com/arvidn/libtorrent/commit/22099cec46741417a6fb6df560468eb64655db33 I don't know if it affects 0.16.18 in Mageia 5.
CVE-2016-5301 has been assigned: http://openwall.com/lists/oss-security/2016/06/05/1
Summary: libtorrent-rasterbar new DoS security issue => libtorrent-rasterbar new DoS security issue (CVE-2016-5301)
Debian-LTS has issued an advisory for this on June 11: http://lwn.net/Alerts/691074/ So, it does indeed affect Mageia 5. You should be able to get a patch from them.
URL: (none) => http://lwn.net/Vulnerabilities/691093/
Whiteboard: (none) => MGA5TOO
Fixed in libtorrent-rasterbar-1.0.9-2.mga6 in Cauldron by David. Thanks!
CC: (none) => geiger.david68210
Version: Cauldron => 5
Whiteboard: MGA5TOO => (none)
Fixed for mga5 too.
Thanks David! This is used by qbittorrent, deluge, and miro.

Advisory:
========================

Updated libtorrent-rasterbar packages fix security vulnerability:

A specially crafted HTTP response from a tracker (or potentially a UPnP broadcast) can crash libtorrent-rasterbar in the parse_chunk_header() function. Although this function is not present in this version, upstream's additional sanity checks were added to abort the program if necessary instead of crashing it (CVE-2016-5301).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5301
http://lwn.net/Alerts/691074/
========================

Updated packages in core/updates_testing:
========================
libtorrent-rasterbar7-0.16.18-1.2.mga5
python-libtorrent-rasterbar-0.16.18-1.2.mga5
libtorrent-rasterbar-devel-0.16.18-1.2.mga5

from libtorrent-rasterbar-0.16.18-1.2.mga5.src.rpm
Assignee: matteo.pasotti => qa-bugs
Just testing that deluge works. Advisory committed to svn. Validating the update.
Keywords: (none) => validated_update
Whiteboard: (none) => advisory MGA5-64-OK
CC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0234.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED