Branch t7 update bulletin.

Package libssh updated to version 0.5.5-alt0.M70P.1 for branch t7 in task 111676.

Published: 2013-02-06
Modified: 2024-11-21

CVE-2013-0176

The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a "Client: Diffie-Hellman Key Exchange Init" packet.

Severity: MEDIUM (4.3)

References:

FEDORA-2013-1422
FEDORA-2013-1422
FEDORA-2013-1407
FEDORA-2013-1407
51982
51982
http://www.libssh.org/2013/01/22/libssh-0-5-4-security-release/
http://www.libssh.org/2013/01/22/libssh-0-5-4-security-release/
USN-1707-1
USN-1707-1
libssh-publickeyfromprivatekey-dos(81595)
libssh-publickeyfromprivatekey-dos(81595)

Package transmission updated to version 2.82-alt1 for branch t7 in task 111676.

Published: 2013-04-03
Modified: 2013-04-03

CVE-2012-6129

Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets."

Severity: HIGH (7.5)

References:

openSUSE-SU-2013:0485
USN-1747-1
https://bugzilla.redhat.com/show_bug.cgi?id=909934
[oss-security] 20130212 Re: CVE request: Transmission can be made to crash remotely
https://trac.transmissionbt.com/ticket/5002
https://trac.transmissionbt.com/changeset/13646

Version: 2.1.0

Branch t7 update on 2014-01-12

ALT-BU-2014-2517-1

ALT-PU-2014-1033-1

Closed vulnerabilities

CVE-2013-0176

ALT-PU-2014-1034-1

Closed vulnerabilities

CVE-2012-6129