Branch t7 update bulletin.

Package libssh updated to version 0.5.5-alt0.M70P.1 for branch t7 in task 111676.

Published: 2013-02-05
Modified: 2025-04-11

CVE-2013-0176

The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a "Client: Diffie-Hellman Key Exchange Init" packet.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

References:

Package transmission updated to version 2.82-alt1 for branch t7 in task 111676.

Published: 2013-04-03
Modified: 2025-04-11

CVE-2012-6129

Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets."

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Version: 2.1.2

Branch t7 update on 2014-01-12

ALT-BU-2014-2517-1

ALT-PU-2014-1033-1

Closed vulnerabilities

CVE-2013-0176

ALT-PU-2014-1034-1

Closed vulnerabilities

CVE-2012-6129