Debian: New gnome-peercast packages fix several vulnerabilities

    Date: 20 May 2008
    Category: Debian
    Posted By: LinuxSecurity Advisories
    Luigi Auriemma discovered that PeerCast is vulnerable to a heap overflow in the HTTP server code, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1583-1
    http://www.debian.org/security/                          Thijs Kinkhorst
    May 20, 2008                          http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : gnome-peercast
    Vulnerability  : buffer overflow
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2007-6454 CVE-2008-2040
    Debian Bug     : 466539
    
    Several remote vulnerabilities have been discovered in Gnome PeerCast,
    the Gnome interface to PeerCast, a P2P audio and video streaming
    server. The Common Vulnerabilities and Exposures project identifies the
    following problems:
    
    CVE-2007-6454
    
        Luigi Auriemma discovered that PeerCast is vulnerable to a heap
        overflow in the HTTP server code, which allows remote attackers to
        cause a denial of service and possibly execute arbitrary code via a
        long SOURCE request.
    
    CVE-2008-2040
    
        Nico Golde discovered that PeerCast, a P2P audio and video streaming
        server, is vulnerable to a buffer overflow in the HTTP Basic
        Authentication code, allowing a remote attacker to crash PeerCast or
        execute arbitrary code.
    
    For the stable distribution (etch), these problems have been fixed in
    version 0.5.4-1.1etch0.
    
    For the unstable distribution (sid), the first issue has been fixed in
    0.5.4-1.2. The second issue will be fixed soon.
    
    We recommend that you upgrade your gnome-peercast package.
    
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0.dsc
        Size/MD5 checksum:      956 e2d40d2cd79ac54cefb00a6fa9b747d2
      http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0.diff.gz
        Size/MD5 checksum:     3104 a17daf736115641d4ab3a6c41aa152c3
      http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4.orig.tar.gz
        Size/MD5 checksum:   800116 e689715d8e70cdb0ce684ccce063a58f
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0_alpha.deb
        Size/MD5 checksum:   296926 b1ebff0148fc69634eede7fffc114d51
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0_amd64.deb
        Size/MD5 checksum:   257812 33d4c4fd7bed425a4cee0268e44dcc20
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0_hppa.deb
        Size/MD5 checksum:   297822 e5795eb9b0d5d08d042825e05c04c0f7
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0_i386.deb
        Size/MD5 checksum:   254172 a6e46c6422c8a76df706375cba85461e
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0_ia64.deb
        Size/MD5 checksum:   346408 34f8ffc5f763a013ff5bc87832bdf77a
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0_mips.deb
        Size/MD5 checksum:   285802 62e99808d3a9a015139500c92b595089
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0_mipsel.deb
        Size/MD5 checksum:   284316 f84d8576550138d846b5f3e6790db54f
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0_powerpc.deb
        Size/MD5 checksum:   270324 e83511effbc2f89183145dae92e27ecf
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0_s390.deb
        Size/MD5 checksum:   260410 ac50ca3aa93414140f955f131fa050bc
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0_sparc.deb
        Size/MD5 checksum:   251018 5ff3b23b8ec68fa47ed19f8abafac669
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main