µTorrent Community Forums

Firon

Administrator

µTorrent 2.0.4 released

There is a DLL vulnerability in all versions of Windows affecting a great deal of software applications. Subsequently, attack code targeting the μTorrent client surfaced on a third-party website, and while so far no attacks have been reported to us, we have released μTorrent 2.0.4 to fix this vulnerability. The new client disables loading of DLLs from the current working directory and prevents this exploit from functioning. More information about the exploit can be found here: http://www.reuters.com/article/idUS2168761020100825

We take our user's security very seriously, and we sincerely apologize for any inconvenience.

Release notes:

• Fix reported DLL exploit

Download it now!

-- 2010-10-07: Version 2.0.4 (build 22450)
- Fix: uTP EACK vulnerability

-- 2010-09-24: Version 2.0.4 (build 22150)
- Fix: uTP ack-timer wrapping issue
- Fix: transfer cap doesn't update unless uTorrent is running

-- 2010-08-28: Version 2.0.4 (build 21586)
- Fix: tracker retry interval bug

-- 2010-08-26: Version 2.0.4 (build 21515)
- Fix: make survey links never show up on XP
- Fix: started and stopped events now correctly sent to torrents with multiple tracker tiers.

-- 2010-08-25: Version 2.0.4 (build 21431)
- Fix: fixed DLL hijack exploit
- Change: add bold text for Ask toolbar offer
- Fix: added groupbox in bandwidth settings
- Fix: Fixed size of static text in transfer cap setting pane to be translatable
- Fix: Fixed peer exchange exploit
- Fix: Safari 5 compatibility for WebUI
- Fix: WebUI security improvements

Last edited by Firon (2010-10-11 22:17:45)

moogly

Member

Re: µTorrent 2.0.4 released

Is the automatic update immediate? Or in few days as usual?

Firon

Administrator

Re: µTorrent 2.0.4 released

We will autoupdate either later tonight or tomorrow morning. We skipped the beta process for this release because this is more or less the same code that was in BTML 7.0, which has been out for a while now.

sbbz2004

Member

Re: µTorrent 2.0.4 released

I'll update to the latest version right now.

rafi

Member

Re: µTorrent 2.0.4 released

I'm disappointed to see that you did publish 2.04, yet, didn't take this opportunity to back-port and include most desired and promised functional fixes you did on 2.2 in it.
Even small things that were talked about pre 2.2, like the cancellation of double add-torrent dialog-control and such.

I suggest you  review those changes and put them in as well. there is still time !

Last edited by rafi (2010-08-25 21:28:55)

---

My uTorrent >Upgrade, Speed-up & other 'Best Practice' Tips<
My v3.x quick-fix >"Best Practice" settings.dat file< (^ see tip #O)
Best >v3.3.1 beta-RC<
My *new* >>>>>>>>  v3.2.x/3.3.0 Web-Help Site/File  <<<<<<<<<

Firon

Administrator

Re: µTorrent 2.0.4 released

No, we are not backporting anything. 2.2 is slated as the next stable, so the 2.0.x line will get nothing but critical fixes. There will probably not be any more releases of 2.0.x, barring some huge problem coming up within the next month and a half or so.

rafi

Member

Re: µTorrent 2.0.4 released

I see...

- Change: add bold text for Ask toolbar offer
- Fix: added groupbox in bandwidth settings
- Fix: Fixed size of static text in transfer cap setting pane to be translatable
- Fix: Safari 5 compatibility for WebUI

VERY critical indeed..

I am aware of the logic behind it, but hey, what am I asking for ?

-- 2010-08-10: Version 2.2 Beta (build 21090)
- Change: remove the "always show add dialog" and merge its functionality with the "show add dialog"

Fix something that was screwed up in the first place, and is already fixed. A bit of flexibility will not kill you guys...

Last edited by rafi (2010-08-25 21:53:36)

---

My uTorrent >Upgrade, Speed-up & other 'Best Practice' Tips<
My v3.x quick-fix >"Best Practice" settings.dat file< (^ see tip #O)
Best >v3.3.1 beta-RC<
My *new* >>>>>>>>  v3.2.x/3.3.0 Web-Help Site/File  <<<<<<<<<

Sunstep

Member

Re: µTorrent 2.0.4 released

Uploaded with ImageShack.us

Firon

Administrator

Re: µTorrent 2.0.4 released

The survey problem isn't new to 2.0.4. It seems like we neglected to backport the fix for that, so I'll be doing a re-release of 2.0.4 later (and autoupdate it while I'm at it).

paintball9

Member

Re: µTorrent 2.0.4 released

Will 2.2 and 3.0 be receiving the DLL fix in the near future as well?

---

User mapped section open? http://forum.utorrent.com/viewtopic.php … 88#p494288
Disabling IPv6 http://support.microsoft.com/kb/929852
Useful Logs http://forum.utorrent.com/viewtopic.php?id=15992
Internet not working when using uTorrent http://forum.utorrent.com/viewtopic.php … 08#p515308

Firon

Administrator

Re: µTorrent 2.0.4 released

Yes, the next releases will have the fix, as will today's release of BitTorrent 7.0.

Firon

Administrator

Re: µTorrent 2.0.4 released

New release of 2.0.4 up + autoupdate enabled.

saintsoh

Member

Re: µTorrent 2.0.4 released

i noticed a tracker(bakabt.com) don't allow this 2.0.4 ut client to dl but allow earlier versions.
wat can be the reason?

Last edited by saintsoh (2010-08-26 21:43:24)

acmodeu

Member

Re: µTorrent 2.0.4 released

It means that this version is not in the list of the allowed clients on the tracker. Wait until owners update it.

rafi

Member

Re: µTorrent 2.0.4 released

Will the  "Help file not working " issue require another update ?

---

My uTorrent >Upgrade, Speed-up & other 'Best Practice' Tips<
My v3.x quick-fix >"Best Practice" settings.dat file< (^ see tip #O)
Best >v3.3.1 beta-RC<
My *new* >>>>>>>>  v3.2.x/3.3.0 Web-Help Site/File  <<<<<<<<<

Firon

Administrator

Re: µTorrent 2.0.4 released

You should tell tracker admins that it is important to allow this release as quickly as possible.

Will the  "Help file not working " issue require another update ?

No. It's already been fixed.

Southrop

Member

Re: µTorrent 2.0.4 released

i noticed a tracker(bakabt.com) don't allow this 2.0.4 ut client to dl but allow earlier versions.
wat can be the reason?

Southrop from BakaBT here to give you an update.

We simply hadn't updated our whitelist at the time. 2.0.4 has been whitelisted for a few hours now. We will probably remove older versions from the whitelist in the near future to ensure the safety of our users.

Thanks to the uTorrent Dev Team for rolling out an update for the security issue so quickly!

You should tell tracker admins that it is important to allow this release as quickly as possible.

I'm in agreement with this opinion. I've been personally posting in trackers that I don't regularly use to petition for 2.0.4 to be whitelisted.

znx

Member

Re: µTorrent 2.0.4 released

Firon, just sent you an email about this > contal...@hotm

gazzyk1ns

Member

Re: µTorrent 2.0.4 released

Thanks for the continued updates to the 2.0.x branch, it's appreciated - I felt the need to say that after registering almost solely to moan about the 2.2 branch. It's quite reassuring, after I was getting a bit worried about the future of  µTorrent development.

Last edited by gazzyk1ns (2010-08-27 16:22:21)

Firon

Administrator

Re: µTorrent 2.0.4 released

Well, 2.0.x is probably not going to have any more releases, barring some exceptional case.

rafi

Member

Re: µTorrent 2.0.4 released

maybe 2.04 is a good  opportunity to 're-use' the good old notification thread  that is forgotten since 1.8.5 ...
http://forum.utorrent.com/viewtopic.php … 59#p434359

---

My uTorrent >Upgrade, Speed-up & other 'Best Practice' Tips<
My v3.x quick-fix >"Best Practice" settings.dat file< (^ see tip #O)
Best >v3.3.1 beta-RC<
My *new* >>>>>>>>  v3.2.x/3.3.0 Web-Help Site/File  <<<<<<<<<

saintsoh

Member

Re: µTorrent 2.0.4 released

global ul limiting not working.
i've low 256kb/s upload n set limit to 10kB/s, ul went as high as 40kB/s.

saintsoh

Member

Re: µTorrent 2.0.4 released

i noticed a tracker(bakabt.com) don't allow this 2.0.4 ut client to dl but allow earlier versions.
wat can be the reason?

Southrop from BakaBT here to give you an update.

We simply hadn't updated our whitelist at the time. 2.0.4 has been whitelisted for a few hours now. We will probably remove older versions from the whitelist in the near future to ensure the safety of our users.

Thanks to the uTorrent Dev Team for rolling out an update for the security issue so quickly!

You should tell tracker admins that it is important to allow this release as quickly as possible.

I'm in agreement with this opinion. I've been personally posting in trackers that I don't regularly use to petition for 2.0.4 to be whitelisted.

thanks for the update, pls don't wipe out the old versions from your whitelist until 2.0.x is as stable as 1.8.5.

Last edited by saintsoh (2010-08-27 22:03:03)

DreadWingKnight

I never claimed to be nice.

Re: µTorrent 2.0.4 released

thanks for the update, pls don't wipe out the old versions from your whitelist until 2.0.x is as stable as 1.8.5.

So you want to encourage users to remain vulnerable to the exploit that 2.0.4 fixes?

We really don't want to encourage that.

---

FAQ and Search - Use them.
If guides ask for info, provide it before I have to ask for it.

saintsoh

Member

Re: µTorrent 2.0.4 released

thanks for the update, pls don't wipe out the old versions from your whitelist until 2.0.x is as stable as 1.8.5.

So you want to encourage users to remain vulnerable to the exploit that 2.0.4 fixes?

We really don't want to encourage that.

not every hackers know how2exploit dll.
u can't tell it is 100% secure even it is safe guarded.
every users want is a stable client even it is an old version.
simply say why most r still using xp not upgrading to win7 because it is stable.

Last edited by saintsoh (2010-08-28 01:55:30)