openSUSE-SU-2024:0358-1: moderate: Security update for qbittorrent
openSUSE-SU-2024:0358-1: moderate: Security update for qbittorrent
openSUSE Security Update: Security update for qbittorrent
_______________________________
Announcement ID: openSUSE-SU-2024:0358-1
Rating: moderate
References: #1232731
Cross-References: CVE-2024-51774
Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________
An update that fixes one vulnerability is now available.
Description:
This update for qbittorrent fixes the following issues:
- Update to version 5.0.1 (fixes boo#1232731 CVE-2024-51774)
Added features:
* Add "Simple pread/pwrite" disk IO type
Bug fixes:
* Don't ignore SSL errors (boo#1232731 CVE-2024-51774)
* Don't try to apply Mark-of-the-Web to nonexistent files
* Disable "Move to trash" option by default
* Disable the ability to create torrents with a piece size of 256MiB
* Allow to choose Qt style
* Always notify user about duplicate torrent
* Correctly handle "torrent finished after move" event
* Correctly apply filename filter when `!qB` extension is enabled
* Improve color scheme change detection
* Fix button state for SSL certificate check
Web UI:
* Fix CSS that results in hidden torrent list in some browsers
* Use proper text color to highlight items in all filter lists
* Fix 'rename files' dialog cannot be opened more than once
* Fix UI of Advanced Settings to show all settings
* Free resources allocated by web session once it is destructed
Search:
* Import correct libraries
Other changes:
* Sync flag icons with upstream
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-358=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 ppc64le s390x x86_64):
qbittorrent-5.0.1-bp156.3.6.1
qbittorrent-nox-5.0.1-bp156.3.6.1
References:
https://www.suse.com/security/cve/CVE-2024-51774.html
https://bugzilla.suse.com/1232731