Summary: | <net-p2p/transmission-2.93: Remote code execution (RCE) in rpc session-id via dns rebinding attack (CVE-2018-5702) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | floppym |
Priority: | High | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2018/01/11/1 | ||
Whiteboard: | B1 [glsa+ cve] | ||
Package list: | net-p2p/transmission-2.93 | ||
Runtime testing required: | --- |
Description
Hanno Böck
2018-01-13 00:21:47 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1c26accdac5c7872b9215fc3a99adcc57a71eebf

commit 1c26accdac5c7872b9215fc3a99adcc57a71eebf
Author: Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2018-01-13 21:54:39 +0000
Commit: Mike Gilbert <floppym@gentoo.org>
CommitDate: 2018-01-13 22:00:20 +0000

net-p2p/transmission: backport rpc host check

Bug: https://bugs.gentoo.org/644406
Package-Manager: Portage-2.3.19_p11, Repoman-2.3.6_p45

.../files/transmission-2.92-pr468.patch | 302 +++++++++++++++++++++
net-p2p/transmission/transmission-2.92-r3.ebuild | 165 +++++++++++
2 files changed, 467 insertions(+)

Ok to stabilize.

@ Maintainer(s): Should we go with =net-p2p/transmission-2.92-r3 or can we pick =net-p2p/transmission-2.93?

x86 stable

amd64 stable

ppc stable

ppc64 stable

@maintainer, please drop vulnerable

This issue was resolved and addressed in GLSA 201806-07 at https://security.gentoo.org/glsa/201806-07 by GLSA coordinator Aaron Bauman (b-man).