Referenced CVEs:
CVE-2008-5905, CVE-2008-5906
Description:
===========================================================
Ubuntu Security Notice USN-711-1           January 26, 2009
ktorrent vulnerabilities
CVE-2008-5905, CVE-2008-5906
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  ktorrent 2.2.1-0ubuntu3.1

Ubuntu 8.04 LTS:
  ktorrent 2.2.5-0ubuntu1.1

Ubuntu 8.10:
  ktorrent 3.1.2+dfsg.1-0ubuntu2.1

After a standard system upgrade you need to restart KTorrent to effect
the necessary changes.

Details follow:

It was discovered that KTorrent did not properly restrict access when using the
web interface plugin. A remote attacker could use a crafted http request and
upload arbitrary torrent files to trigger the start of downloads and seeding.
(CVE-2008-5905)

It was discovered that KTorrent did not properly handle certain parameters when
using the web interface plugin. A remote attacker could use crafted http
requests to execute arbitrary PHP code. (CVE-2008-5906)