ALT-PU-2020-2868-1
Package transmission updated to version 3.00-alt1 for branch sisyphus in task 258470.
Closed vulnerabilities
Published: 2020-05-15
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-10756
Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file.
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e
- https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e
- [debian-lts-announce] 20200524 [SECURITY] [DLA 2218-1] transmission security update
- [debian-lts-announce] 20200524 [SECURITY] [DLA 2218-1] transmission security update
- [debian-lts-announce] 20200801 [SECURITY] [DLA 2305-1] transmission security update
- [debian-lts-announce] 20200801 [SECURITY] [DLA 2305-1] transmission security update
- FEDORA-2020-3ef028d53f
- FEDORA-2020-3ef028d53f
- FEDORA-2020-e67318b4b4
- FEDORA-2020-e67318b4b4
- GLSA-202007-07
- GLSA-202007-07
- https://tomrichards.net/2020/05/cve-2018-10756-transmission/
- https://tomrichards.net/2020/05/cve-2018-10756-transmission/