January 18, 2010

Mandriva Linux Security Advisory 2010:013: transmission

Multiple vulnerabilities has been found and corrected in transmission:

Cross-site request forgery (CSRF) vulnerability in Transmission 1.5
before 1.53 and 1.6 before 1.61 allows remote attackers to hijack
the authentication of unspecified victims via unknown vectors

Directory traversal vulnerability in libtransmission/metainfo.c in
Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to
overwrite arbitrary files via a .. (dot dot) in a pathname within a
.torrent file (CVE-2010-0012).

The updated packages have been patched to correct these issues...

Read More

Click Here!