Bug 34459

Summary: rpc session-id mechanism design flaw results in RCE
Product: Sisyphus Reporter: Dmitry V. Levin <ldv>
Component: transmission Assignee: Anton Farygin <rider>
Status: CLOSED FIXED QA Contact: qa-sisyphus
Severity: normal    
Priority: P3 CC: aris, cas, darktemplar, mike, rider, zerg
Version: unstable   
Hardware: all   
OS: Linux   
URL: http://www.openwall.com/lists/oss-security/2018/01/11/1

Description Dmitry V. Levin 2018-01-14 22:49:03 MSK
Insecure RPC handling between the transmission daemon and the client interfaces may result in the execution of arbitrary code if a user visits a malicious website while transmission is running.
Comment 1 Repository Robot 2018-01-15 14:16:56 MSK
transmission-2.92-alt5.S1 -> sisyphus:

Mon Jan 15 2018 Anton Farygin <rider@altlinux.ru> 2.92-alt5.S1
- added fix for security flaw in RPC (closes: #34459)
Comment 2 Michael Shigorin 2018-01-18 16:58:29 MSK
Please backport the fix to p8.
Comment 3 Anton Farygin 2018-01-18 21:21:56 MSK