Ubuntu Security Notice USN-711-1
26th January, 2009
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 8.10
- Ubuntu 8.04 LTS
- Ubuntu 7.10
It was discovered that KTorrent did not properly restrict access when using the
web interface plugin. A remote attacker could use a crafted http request and
upload arbitrary torrent files to trigger the start of downloads and seeding.
It was discovered that KTorrent did not properly handle certain parameters when
using the web interface plugin. A remote attacker could use crafted http
requests to execute arbitrary PHP code. (CVE-2008-5906)
The problem can be corrected by updating your system to the following package version:
- Ubuntu 8.10:
- ktorrent 3.1.2+dfsg.1-0ubuntu2.1
- Ubuntu 8.04 LTS:
- ktorrent 2.2.5-0ubuntu1.1
- Ubuntu 7.10:
- ktorrent 2.2.1-0ubuntu3.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system upgrade you need to restart KTorrent to effect
the necessary changes.