Common Vulnerabilities and Exposures assigned an identifier CVE-2009-3575 to the following vulnerability:

Name: CVE-2009-3575
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3575
Assigned: 20091007
Reference: CONFIRM: https://qa.mandriva.com/show_bug.cgi?id=52840
Reference: MANDRIVA:MDVSA-2009:226
Reference: URL: http://www.mandriva.com/security/advisories?name=MDVSA-2009:226
Reference: BID:36332
Reference: URL: http://www.securityfocus.com/bid/36332

Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, 1.2.0, and other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.
The upstream patch to correct this is here:
http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/src/DHTRoutingTableDeserializer.cc?r1=670&r2=1041&view=patch

This issue affects Fedora 10; Fedora 11 and later are new enough that the offending code has already been fixed upstream.
aria2-1.3.1-2.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/aria2-1.3.1-2.fc10
aria2-1.3.1-2.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.