[Bug 573072] New: aria2 vulnerability: CVE-2009-3617
http://bugzilla.novell.com/show_bug.cgi?id=573072 http://bugzilla.novell.com/show_bug.cgi?id=573072#c0 Summary: aria2 vulnerability: CVE-2009-3617 Classification: openSUSE Product: openSUSE 11.2 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Critical Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: jnelson-suse@jamponi.net QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.6) Gecko/20091201 SUSE/3.5.6-1.1.1 Firefox/3.5.6 I haven't seen Novell/openSUSE response to this yet: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3617 Current version in openSUSE 11.2 is 1.5.2 Please upgrade to latest 1.6.X with security fix ASAP. Since aria2 is used as a downloader for zypper, it's on every system and is run as root. Reproducible: Always Steps to Reproduce: 1. 2. 3. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=573072
http://bugzilla.novell.com/show_bug.cgi?id=573072#c1
Ludwig Nussel
participants (1)
-
bugzilla_noreply@novell.com