From 5b6712dd5c527643b1249a76e15d0921eda06151 Mon Sep 17 00:00:00 2001 From: Aaron Bauman Date: Tue, 19 Jun 2018 20:24:40 -0400 Subject: [ GLSA 201806-07 ] Transmission: Remote code execution --- glsa-201806-07.xml | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 glsa-201806-07.xml (limited to 'glsa-201806-07.xml') diff --git a/glsa-201806-07.xml b/glsa-201806-07.xml new file mode 100644 index 00000000..5f956e06 --- /dev/null +++ b/glsa-201806-07.xml @@ -0,0 +1,49 @@ + + + + Transmission: Remote code execution + A vulnerability in Transmission could allow a remote attacker to + execute arbitrary RPC commands. + + transmission + 2018-06-20 + 2018-06-20 + 644406 + remote + + + 2.93 + 2.93 + + + +

Transmission is a cross-platform BitTorrent client.

+ + +

A vulnerability was discovered in how Transmission handles access + control through the X-Transmission-Session-Id. +

+ + +

A remote attacker could execute arbitrary RFC commands or consequently + conduct a DNS rebinding attack. +

+ + +

There is no known workaround at this time.

+ + +

All Transmission users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-p2p/transmission-" + + + + + CVE-2018-5702 + + b-man + irishluck83 + -- cgit v1.2.3-65-gdbad