Bug 574527 (CVE-2010-0748, CVE-2010-0749)

Summary: CVE-2010-0748 CVE-2010-0749 Transmission: Two security fixes in upstream v1.92 version
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: bressers, denis, metherid, sundaram
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://trac.transmissionbt.com/wiki/Changes
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-03-22 19:27:08 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Jan Lieskovsky 2010-03-17 18:09:10 UTC
Transmission upstream has recently released latest,
v.1.92 version:
  [1] http://trac.transmissionbt.com/wiki/Changes

addressing two security issues:
  A, Fix potential buffer overflow when adding
     maliciously-crafted magnet links 
    [2] http://trac.transmissionbt.com/ticket/2965
    [3] http://trac.transmissionbt.com/wiki/Changes
    [4] http://bugs.gentoo.org/show_bug.cgi?id=309831

  Upstream patch:
    [5] http://trac.transmissionbt.com/changeset/10279

  B, Fix possible data corruption issue caused by data
     sent by bad peers during endgame
    [6] http://trac.transmissionbt.com/ticket/1242
    [7] http://trac.transmissionbt.com/ticket/1242#comment:1
    [8] http://trac.transmissionbt.com/wiki/Changes

  Upstream patch:
    [9] http://trac.transmissionbt.com/changeset/10325

CVE Request:
  [10] http://www.openwall.com/lists/oss-security/2010/03/17/12

Comment 1 Jan Lieskovsky 2010-03-17 18:15:58 UTC
These issues does NOT affect the current versions
of the transmission package, as shipped with Fedora
release of 11 and 12 (both issues has been already
addressed within transmission-1.92-1.fc12 and 
transmission-1.92-1.fc11 version).

Issue A, does NOT affect the version of the transmission
package, as shipped within EPEL5 repository (transmission-1.34
does NOT provide magnet links functionality / support yet).

Issue B, affects the version of the transmission package,
as shipped within EPEL5 repository (transmission-1.34-1.el5).
Though not complete sure this is a security issue (see [10]
for further details), filed this BZ just not to omit
potential security flaw.

Please fix.

Comment 2 Rahul Sundaram 2010-03-18 14:04:48 UTC
I don't maintain the EPEL branches. I am not sure anybody is.  Fedora branches have already been updated. Should I close this?

Comment 3 Josh Bressers 2010-03-22 19:27:08 UTC
I'm closing this, the EPEL branch doesn't seem to be well maintained, we don't plan on chasing it.

Comment 4 Jan Lieskovsky 2010-04-02 10:17:53 UTC
The CVE identifier of CVE-2010-0748 has been assigned for:
  [1] http://trac.transmissionbt.com/ticket/2965

Transmission issue.

The CVE identifier of CVE-2010-0749 has been assigned for:
  [2] http://trac.transmissionbt.com/ticket/1242
  [3] http://trac.transmissionbt.com/ticket/1242#comment:1

Transmission issue.