[bittorrent] client(s) vulnerable.

////// · 01-16-2018, 01:34 AM

this concerns me and my bittorrent client, Transmission.

https://arstechnica.com/information-...your-computer/

ondoho · 01-17-2018, 02:02 AM

i also use transmission-daemon, but was thinking of switching to rtorrent.
anyhow, authentication enabled.

////// · 01-17-2018, 09:12 AM

Quote:

Fedora Update System 2018-01-17 01:56:29 EST
transmission-2.92-11.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/upda...018-b3d58d82a0

my transmission were updated today:

# transmission-gtk -v
transmission-gtk 2.92 (14714)

i suspect that this version (fedora 27) is patched.

ondoho · 01-18-2018, 01:26 AM

i _think_ my version is patched now...:
https://bugs.archlinux.org/task/57086
the 2 comments seem conflicting, and i'm not sure what the final situation is (was the patch in the second comment applied? does that mean i do not need to password protect my transmission-daemon anymore?)

according to https://github.com/transmission/transmission/pull/468 the issue is fixed, but how?

i think i'll just assume that people are sensible and the change has already trickled down to my arch box.

but i'm keeping the password enabled anyhow.

////// · 01-18-2018, 05:09 AM

ive got openbsd bridge that allows only few known ports (http[s], dns, dhcp, steam, battle.net, irc) out/in from/to my network, ive got udp port 9091 blocked by default pf rules, does that mean that i were not vulnerable ?