USN-711-1: KTorrent vulnerabilities
26 January 2009
- ktorrent -
It was discovered that KTorrent did not properly restrict access when using the
web interface plugin. A remote attacker could use a crafted http request and
upload arbitrary torrent files to trigger the start of downloads and seeding.
It was discovered that KTorrent did not properly handle certain parameters when
using the web interface plugin. A remote attacker could use crafted http
requests to execute arbitrary PHP code. (CVE-2008-5906)
The problem can be corrected by updating your system to the following package versions:
After a standard system upgrade you need to restart KTorrent to effect
the necessary changes.