[sflack-security] ktorrent (SFSA:2007-093-02)

New ktorrent packages are available for Sflack 11.0 and -current to
fix security issues.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1385


Here are the details from the Sflack 11.0 ChangeLog:
+--------------------------+
patches/packages/ktorrent-2.1.3-x86_64-1_sflack11.0.tgz:
Upgraded to ktorrent-2.1.3.
A directory traversal vulnerability in torrent.cpp in versions < 2.1.2 may
allow remote attackers to overwrite the ktorrent user's files. A bug in
chunkcounter.cpp in versions < 2.1.2 allows remote attackers to crash
ktorrent and cause heap corruption by the use of an invalid idx value.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1385
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

See the "Get Sflack" section on http://sflack.com for
additional mirror sites near you.

Updated package for Sflack 11.0:
ftp://ftp.sflack.com/pub/sflack/sflack-11.0/patches/packages/ktorrent-2.1.3-x86_64-1_sflack11.0.tgz

Updated package for Sflack -current:
ftp://ftp.sflack.com/pub/sflack/sflack-current/extra/ktorrent/ktorrent-2.1.3-x86_64-1.tgz


MD5 signatures:
+-------------+

Sflack 11.0 package:
19c157eb9c4e55b97e8ccd673e37d7bb ktorrent-2.1.3-x86_64-1_sflack11.0.tgz

Sflack -current package:
30a773bcff7cbf85ce0389953f75e63b ktorrent-2.1.3-x86_64-1.tgz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg ktorrent-2.1.3-x86_64-1_sflack11.0.tgz
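
The check-then-upgrade sequence implied by the MD5 list and the upgrade command above, as an added example (not part of the original advisory or of Sflack's tooling). The function names are hypothetical, the file names and checksums are the ones listed above, and md5sum is assumed to be installed:

```shell
#!/bin/sh
# Added example: refuse to upgrade unless the package matches the advisory's MD5.

# Print the MD5 the advisory lists for a given package file name.
expected_md5() {
    case "$1" in
        ktorrent-2.1.3-x86_64-1_sflack11.0.tgz) echo 19c157eb9c4e55b97e8ccd673e37d7bb ;;
        ktorrent-2.1.3-x86_64-1.tgz)            echo 30a773bcff7cbf85ce0389953f75e63b ;;
        *) return 1 ;;
    esac
}

# verify_pkg FILE [EXPECTED_MD5]
# Returns 0 on match, 1 on mismatch, 2 if the file is unreadable or
# the advisory lists no checksum for that file name.
verify_pkg() {
    file=$1
    want=$2
    if [ -z "$want" ]; then
        want=$(expected_md5 "$(basename -- "$file")") || {
            echo "no advisory checksum for $file" >&2
            return 2
        }
    fi
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    got=$(md5sum -- "$file" | cut -d' ' -f1)
    if [ "$got" = "$want" ]; then
        return 0
    fi
    echo "MD5 mismatch for $file: got $got, expected $want" >&2
    return 1
}

# Run upgradepkg (as root) only after the checksum has matched.
safe_upgrade() {
    verify_pkg "$1" && upgradepkg "$1"
}

# Stand-alone use: sh verify-ktorrent.sh ktorrent-2.1.3-x86_64-1_sflack11.0.tgz
if [ "$#" -gt 0 ]; then
    safe_upgrade "$1"
fi
```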


+-----+

Sflack Linux Security Team
http://sflack.com/gpg-key
security a sflack.com