[icecast] icecast security

udo noll un at aporee.org
Mon Jan 21 22:05:38 UTC 2002 


Jack Moffitt:
> > securityfocus mailing list (bugtraq) today (and several month before)
> > about a remote buffer overflow in icecast v1.3.10 (which seems to be a
> 
> Point me to a url at bugtraq where I can read a description of the
> problem.  

i've the today's email only in the web archive, here's a copy.
don't know if it's old news...
u.

<p>-----BEGIN PGP SIGNED MESSAGE-----

- ------------------------------------------------------------------------
Debian Security Advisory DSA-089-2                   security at debian.org
http://www.debian.org/security/                         Wichert Akkerman
January 21, 2002
- ------------------------------------------------------------------------

<p>Package        : icecast-server
Problem type   : remote exploit (and others)
Debian-specific: no

In Debian Security Advisory DSA-089-1 we reported that icecast-server
has several security problems. For details please see that advisory.

The i386 package mention in the DSA-089-1 advisory was incorrectly
compiled and will not run on Debian GNU/Linux potato machines. This
has been corrected in version 1.3.10-1.1.

<p>wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

<p>Debian GNU/Linux 2.2 alias potato
- ---------------------------------

  Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
  This advisory only updates the i386 package.

  Intel IA-32 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-i386/icecast-server_1.3.10-1.1_i386.deb
      MD5 checksum: 6777c4acf5c95daf691597ed5b9ee502

  This package will be moved into the stable distribution on its next
  revision.

For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

<p><p><p><p>--- >8 ----
List archives:  http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to 'icecast-request at xiph.org'
containing only the word 'unsubscribe' in the body.  No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.

More information about the Icecast mailing list