
Debian 4.0 DSA-1597-2 Moderate: mt-daapd Authentication Flaw Regression Fix

August 30, 2008
Debian Security Advisory DSA-1597-3 addresses an issue in the OpenSSH package that emerged following the remediation of previous security flaws.
In DSA-1597-1, an update was announced for multiple vulnerabilities in the mt-daapd audio server

Summary


CVE-2007-5824

Insufficient validation and bounds checking of the Authorization:
HTTP header enables a heap buffer overflow, potentially enabling
the execution of arbitrary code.

CVE-2007-5825

Format string vulnerabilities in debug logging within the
authentication of XML-RPC requests could enable the execution of
arbitrary code.

CVE-2008-1771

An integer overflow weakness in the handling of HTTP POST
variables could allow a heap buffer overflow and potentially
arbitrary code execution.

For the stable distribution (etch), these problems have been fixed in
version 0.2.4+r1376-1.1+etch2.

We recommend that you upgrade your mt-daapd package.


Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get u...
