Security update for libtorrent-rasterbar SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:1635-1 Final 1 1 2016-06-20T16:07:14Z current 2016-06-20T16:07:14Z 2016-06-20T16:07:14Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libtorrent-rasterbar This update for libtorrent-rasterbar fixes the following issues: - CVE-2016-5301: Crash on invalid input in http_parser could have allowed a remote attacker to perform a denial of service attack (boo#983228). In addition, the package was updated to 1.0.9 / 1.16.19, fixing various upstream bugs. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2016-06/msg00079.html E-Mail link for openSUSE-SU-2016:1635-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 libtorrent-rasterbar-1.0.9-7.1 libtorrent-rasterbar-devel-1.0.9-7.1 libtorrent-rasterbar-doc-1.0.9-7.1 libtorrent-rasterbar8-1.0.9-7.1 python-libtorrent-rasterbar-1.0.9-7.1 libtorrent-rasterbar-1.0.9-7.1 as a component of openSUSE Leap 42.1 libtorrent-rasterbar-devel-1.0.9-7.1 as a component of openSUSE Leap 42.1 libtorrent-rasterbar-doc-1.0.9-7.1 as a component of openSUSE Leap 42.1 libtorrent-rasterbar8-1.0.9-7.1 as a component of openSUSE Leap 42.1 python-libtorrent-rasterbar-1.0.9-7.1 as a component of openSUSE Leap 42.1 The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service (crash) via a crafted (1) HTTP response or possibly a (2) UPnP broadcast. CVE-2016-5301 openSUSE Leap 42.1:libtorrent-rasterbar-1.0.9-7.1 openSUSE Leap 42.1:libtorrent-rasterbar-devel-1.0.9-7.1 openSUSE Leap 42.1:libtorrent-rasterbar-doc-1.0.9-7.1 openSUSE Leap 42.1:libtorrent-rasterbar8-1.0.9-7.1 openSUSE Leap 42.1:python-libtorrent-rasterbar-1.0.9-7.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-06/msg00079.html https://www.suse.com/security/cve/CVE-2016-5301.html CVE-2016-5301 https://bugzilla.suse.com/983228 SUSE Bug 983228