Amazon Linux 1 Security Advisory: ALAS-2014-390
Advisory Release Date: 2014-07-31 14:00 Pacific
Advisory Updated Date: 2014-09-19 11:41 Pacific
Severity:
Medium
Issue Overview:
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.
Affected Packages:
transmission
Issue Correction:
Run yum update transmission to update your system.
New Packages:
i686:
transmission-cli-2.84-1.9.amzn1.i686
transmission-daemon-2.84-1.9.amzn1.i686
transmission-common-2.84-1.9.amzn1.i686
transmission-debuginfo-2.84-1.9.amzn1.i686
transmission-2.84-1.9.amzn1.i686
src:
transmission-2.84-1.9.amzn1.src
x86_64:
transmission-common-2.84-1.9.amzn1.x86_64
transmission-daemon-2.84-1.9.amzn1.x86_64
transmission-2.84-1.9.amzn1.x86_64
transmission-debuginfo-2.84-1.9.amzn1.x86_64
transmission-cli-2.84-1.9.amzn1.x86_64