Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Gentoo: GLSA-201510-05 Moderate: Icecast Denial of Service

gentoo
Calendar Grey August 15, 2015
Dist Gentoo Esm H88
Gentoo Linux Advisory GLSA 202109-01 pertains to a vulnerability in the OpenSSH package that could lead to unauthorized access; users should consider updating.
A bug in the Icecast code handling source client URL authentication causes a Denial of Service condition.

Summary

When stream_auth handler is defined for URL authentication and a request is sent without login credentials, a Denial of Service condition can occur.

Topics%20covered

Topics Covered

security advisory denial of service gentoo vulnerability service interruption icecast

Resolution

All icecast users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/icecast-2.4.2"

References

[ 1 ] CVE-2015-3026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3026

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201508-03
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity
important
Lowest
Low
Medium
High
Critical

Severity: Normal
Title: Icecast: Denial of Service
Date: August 15, 2015
Bugs: #545968
ID: 201508-03

Topics%20covered

Topics Covered

security advisory denial of service gentoo vulnerability service interruption icecast

Synopsis

A bug in the Icecast code handling source client URL authentication causes a Denial of Service condition.

Background

Icecast is an open source alternative to shoutcast that supports mp3, ogg (vorbis/theora) and aac streaming.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/icecast < 2.4.2 >= 2.4.2

Impact

===== A remote attacker could possibly cause a Denial of Service condition.

Workaround

Users of affected versions can change stream_auth mountpoints to use password authentication instead.

Your message here