
Debian: DSA-1764-1 Critical: Tunapie Local DoS and Remote Execution

April 7, 2009
DSA-1764-1 resolves two security flaws in Tunapie, one exploitable locally and one remotely.

Summary

Several vulnerabilities have been discovered in Tunapie, a GUI frontend
to video and radio streams. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2009-1253

Kees Cook discovered that insecure handling of temporary files may
lead to local denial of service through symlink attacks.

CVE-2009-1254

Mike Coleman discovered that insufficient escaping of stream
URLs may lead to the execution of arbitrary commands if a user
is tricked into opening a malformed stream URL.
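
The two bug classes above, shown as an added Python example that is not Tunapie's code and not part of the advisory: each weak pattern sits beside a hardened form. The function names, the `streams-` prefix and the scheme allow-list are assumptions made for illustration.

```python
import os
import subprocess
import tempfile
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https", "mms", "rtsp"}  # assumed allow-list


def write_cache_weak(path, data):
    # Weak: fixed name in a shared directory. open() follows a planted symlink
    # and truncates whatever it points to (the CVE-2009-1253 bug class).
    with open(path, "w") as fh:
        fh.write(data)


def write_cache_safe(directory, data):
    # mkstemp() opens with O_CREAT|O_EXCL, mode 0600 and a random name, so an
    # existing file or symlink at that name is never reused.
    fd, path = tempfile.mkstemp(prefix="streams-", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def player_command_weak(player, url):
    # Weak: a string meant for os.system() or shell=True. Quotes, ';' or '$()'
    # in the URL are parsed by the shell (the CVE-2009-1254 bug class).
    return "%s %s" % (player, url)


def player_argv_safe(player_argv, url):
    # Reject unexpected schemes and control characters, then hand the URL over
    # as one argv element. A URL that passes the scheme check cannot start
    # with '-', so it cannot be mistaken for a player option either.
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.netloc:
        raise ValueError("unsupported stream URL: %r" % url)
    if any(ord(c) < 0x20 or c == "\x7f" for c in url):
        raise ValueError("control character in stream URL")
    return list(player_argv) + [url]


def run_player(argv):
    # No shell involved: the player is executed directly with the argv list.
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout
```
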

For the old stable distribution (etch), these problems have been fixed
in version 1.3.1-1+etch2. Due to a technical problem, this update cannot
be released synchronously with the stable (lenny) version, but will
appear soon.

For the stable distribution (lenny), these problems have been fixed in
version 2.1.8-2.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your tunapie package.

Upgrade instructions
--------------------

wget url
...


Severity: critical

Package: tunapie
