Arch Linux Security Advisory ASA-201609-8 ========================================= Severity: Low Date : 2016-09-13 CVE-ID : CVE-2016-7164 Package : libtorrent-rasterbar Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package libtorrent-rasterbar before version 1:1.1.1-1 is vulnerable to denial of service. Resolution ========== Upgrade to 1:1.1.1-1. # pacman -Syu "libtorrent-rasterbar>=1:1.1.1-1" The problem has been fixed upstream in version 1.1.1. Workaround ========== None. Description =========== A bug has been found in the libtorrent-rasterbar code handling GZIP-encoded responses from a tracker, where malformed responses could lead to a crash. Impact ====== A remote attacker can crash a client using libtorrent-rasterbar by sending malformed GZIP-encoded responses from a tracker. References ========== http://seclists.org/oss-sec/2016/q3/443 https://access.redhat.com/security/cve/CVE-2016-7164