Security: Two issues in Transmission
Name: Two issues in Transmission
ID: USN-885-1
Distribution: Ubuntu
Platforms: Ubuntu 8.04 LTS, Ubuntu 8.10, Ubuntu 9.04, Ubuntu 9.10
Date: Thu, January 14, 2010, 22:14
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1757
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0012
Applications: Transmission
Original message
===========================================================
Ubuntu Security Notice USN-885-1
January 14, 2010
transmission vulnerabilities
CVE-2009-1757, CVE-2010-0012
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 8.04 LTS:
  transmission-cli 1.06-0ubuntu6.1
  transmission-gtk 1.06-0ubuntu6.1
Ubuntu 8.10:
  transmission-cli 1.34-0ubuntu2.3
  transmission-gtk 1.34-0ubuntu2.3
Ubuntu 9.04:
  transmission-cli 1.51-0ubuntu3.1
  transmission-gtk 1.51-0ubuntu3.1
Ubuntu 9.10:
  transmission-cli 1.75-0ubuntu2.2
  transmission-gtk 1.75-0ubuntu2.2
  transmission-qt 1.75-0ubuntu2.2
After a standard system upgrade you need to restart Transmission to effect the necessary changes.
Details follow:
It was discovered that the Transmission web interface was vulnerable to cross-site request forgery (CSRF) attacks. If a user were tricked into opening a specially crafted web page in a browser while Transmission was running, an attacker could trigger commands in Transmission. This issue affected Ubuntu 9.04. (CVE-2009-1757)
Dan Rosenberg discovered that Transmission did not properly perform input validation when processing torrent files. If a user were tricked into opening a crafted torrent file, an attacker could overwrite files via directory traversal. (CVE-2010-0012)
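The kind of input validation CVE-2010-0012 concerns can be shown with a small checker. This is an added example, not code from Transmission or from the advisory. It decodes a bencoded torrent and reports file paths whose components could leave the download directory, relying on the standard metainfo fields `info`, `name`, `files` and `path`. The function names and both sample torrents are constructed for illustration.

```python
def bdecode(data, i=0):
    """Decode one bencoded value at data[i]; return (value, next_index)."""
    c = data[i:i + 1]
    if c == b"i":                                  # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                          # list or dictionary
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            item, i = bdecode(data, i)
            items.append(item)
        if c == b"d":
            items = dict(zip(items[0::2], items[1::2]))
        return items, i + 1
    colon = data.index(b":", i)                    # string: <len>:<bytes>
    n = int(data[i:colon])
    return data[colon + 1:colon + 1 + n], colon + 1 + n

def unsafe_component(comp):
    """True if one path component could escape the download directory."""
    return (comp in (b"", b".", b"..")
            or b"/" in comp or b"\\" in comp or b"\x00" in comp)

def unsafe_paths(torrent_bytes):
    """Return the file paths in a torrent that fail component validation."""
    meta, _ = bdecode(torrent_bytes)
    info = meta[b"info"]
    bad = []
    if unsafe_component(info[b"name"]):            # top-level file/dir name
        bad.append(info[b"name"].decode(errors="replace"))
    for entry in info.get(b"files", []):           # multi-file torrents only
        parts = entry[b"path"]
        if not parts or any(unsafe_component(p) for p in parts):
            bad.append(b"/".join(parts).decode(errors="replace"))
    return bad

# Constructed sample: benign single-file torrent.
BENIGN = b"d4:infod6:lengthi10e4:name8:demo.isoee"
# Constructed sample: multi-file torrent with one traversal path.
CRAFTED = (b"d4:infod5:filesl"
           b"d6:lengthi5e4:pathl2:..2:..7:.bashrcee"
           b"d6:lengthi5e4:pathl4:docs6:READMEee"
           b"e4:name4:demoee")

if __name__ == "__main__":
    print(unsafe_paths(BENIGN))    # no findings
    print(unsafe_paths(CRAFTED))   # the traversal entry is reported
```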