Ubuntu has issued an advisory today (February 25): http://www.ubuntu.com/usn/usn-1747-1/ Cauldron is not affected as it's fixed in the latest version, which we have. Patched package uploaded for Mageia 2. Advisory: ======================== Updated transmission packages fix security vulnerability: It was discovered that Transmission incorrectly handled certain micro transport protocol packets. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code (CVE-2012-6129). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6129 http://www.ubuntu.com/usn/usn-1747-1/ ======================== Updated packages in core/updates_testing: ======================== transmission-common-2.51-1.3.mga2 transmission-cli-2.51-1.3.mga2 transmission-gtk-2.51-1.3.mga2 transmission-qt4-2.51-1.3.mga2 transmission-daemon-2.51-1.3.mga2 from transmission-2.51-1.3.mga2.src.rpm Reproducible: Steps to Reproduce:
No poc, so just testing that tranmission-daemon, qt, etc work. Testing complete on Mageia 2 i586 and x86_64. Could someone from the sysadmin team push the srpm transmission-2.51-1.3.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates. Advisory: Updated transmission packages fix security vulnerability: It was discovered that Transmission incorrectly handled certain micro transport protocol packets. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code (CVE-2012-6129). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6129 http://www.ubuntu.com/usn/usn-1747-1/ https://bugs.mageia.org/show_bug.cgi?id=9180
Keywords: (none) => validated_updateCC: (none) => davidwhodgins, sysadmin-bugsWhiteboard: (none) => MGA2-64-OK MGA2-32-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0074
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED