MGASA-2018-0472 - Updated icecast packages fix security vulnerability

Publication date: 28 Nov 2018
URL: https://advisories.mageia.org/MGASA-2018-0472.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-18820

Buffer overflows in URL auth code if there is a "mount" definition that enables URL authentication. A malicious client could send long HTTP headers, leading to a buffer overflow and potential remote code execution (CVE-2018-18820).

References:
- https://bugs.mageia.org/show_bug.cgi?id=23798
- https://www.openwall.com/lists/oss-security/2018/11/01/3
- https://www.cve.org/CVERecord?id=CVE-2018-18820

SRPMS:
- 6/core/icecast-2.4.4-1.mga6
openSUSE Security Update: Security update for icecast
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2018:3754-1
Rating:             important
References:         #1114434
Cross-References:   CVE-2018-18820
Affected Products:
                    openSUSE Leap 42.3
                    openSUSE Leap 15.0
                    openSUSE Backports SLE-15
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for icecast fixes the following security issues:

- CVE-2018-18820: A buffer overflow in url-auth could have potentially allowed remote code execution (boo#1114434)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:
  zypper in -t patch openSUSE-2018-1395=1
- openSUSE Leap 15.0:
  zypper in -t patch openSUSE-2018-1395=1
- openSUSE Backports SLE-15:
  zypper in -t patch openSUSE-2018-1395=1

Package List:

- openSUSE Leap 42.3 (i586 x86_64):
  icecast-2.4.2-7.3.1
  icecast-debuginfo-2.4.2-7.3.1
  icecast-debugsource-2.4.2-7.3.1
- openSUSE Leap 42.3 (noarch):
  icecast-doc-2.4.2-7.3.1
- openSUSE Leap 15.0 (noarch):
  icecast-doc-2.4.3-lp150.2.3.1
- openSUSE Leap 15.0 (x86_64):
  icecast-2.4.3-lp150.2.3.1
  icecast-debuginfo-2.4.3-lp150.2.3.1
  icecast-debugsource-2.4.3-lp150.2.3.1
- openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):
  icecast-2.4.3-bp150.3.3.1
  icecast-debuginfo-2.4.3-bp150.3.3.1
  icecast-debugsource-2.4.3-bp150.3.3.1
- openSUSE Backports SLE-15 (noarch):
  icecast-doc-2.4.3-bp150.3.3.1

References:

https://www.suse.com/security/cve/CVE-2018-18820.html
https://bugzilla.suse.com/1114434
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-13083
2015-08-10 07:08:32
--------------------------------------------------------------------------------

Name        : icecast
Product     : Fedora 22
Version     : 2.4.2
Release     : 1.fc22
URL         : https://www.icecast.org/
Summary     : ShoutCast compatible streaming media server
Description :
Icecast is a streaming media server which currently supports Ogg Vorbis and MP3 audio streams. It can be used to create an Internet radio station or a privately running jukebox and many things in between. It is very versatile in that new formats can be added relatively easily and supports open standards for communication and interaction.
--------------------------------------------------------------------------------
Update Information:

* update to 2.4.2
* fix CVE-2015-3026
* use %license on Fedora 22+
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jun 27 2015 Björn Esser - 2.4.2-1
- update to 2.4.2 (#1236296)
- fix CVE-2015-3026 (#1210198, #1210199, #1210200)
- use %license on Fedora 22+
* Wed Jun 17 2015 Fedora Release Engineering - 2.4.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1210198 - CVE-2015-3026 icecast: NULL pointer dereference in stream_auth handler leading to DoS
        https://bugzilla.redhat.com/show_bug.cgi?id=1210198
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update icecast'
at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-13077
2015-08-10 07:08:16
--------------------------------------------------------------------------------

Name        : icecast
Product     : Fedora 21
Version     : 2.4.2
Release     : 1.fc21
URL         : https://www.icecast.org/
Summary     : ShoutCast compatible streaming media server
Description :
Icecast is a streaming media server which currently supports Ogg Vorbis and MP3 audio streams. It can be used to create an Internet radio station or a privately running jukebox and many things in between. It is very versatile in that new formats can be added relatively easily and supports open standards for communication and interaction.
--------------------------------------------------------------------------------
Update Information:

* update to 2.4.2
* fix CVE-2015-3026
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jun 27 2015 Björn Esser - 2.4.2-1
- update to 2.4.2 (#1236296)
- fix CVE-2015-3026 (#1210198, #1210199, #1210200)
- use %license on Fedora 22+
* Wed Jun 17 2015 Fedora Release Engineering - 2.4.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Thu Dec 4 2014 Björn Esser - 2.4.1-1
- update new to release v2.4.1 (#1101950)
- fix CVE-2014-9091 (#1168146, #1168147, #1168148, #1168149)
- fix CVE-2014-9018 (#1165880, #1165882, #1165883, #1165885)
- unified spec-file for el5+ and Fedora
- some improvements to readability
- added doc-subpkg
* Thu Dec 4 2014 Björn Esser - 2.3.3-6
- enabled fully hardened build (#954320)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1210198 - CVE-2015-3026 icecast: NULL pointer dereference in stream_auth handler leading to DoS
        https://bugzilla.redhat.com/show_bug.cgi?id=1210198
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update icecast'
at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory                GLSA 201508-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Icecast: Denial of Service
      Date: August 15, 2015
      Bugs: #545968
        ID: 201508-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A bug in the Icecast code handling source client URL authentication causes a Denial of Service condition.

Background
==========

Icecast is an open source alternative to shoutcast that supports mp3, ogg (vorbis/theora) and aac streaming.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-misc/icecast             < 2.4.2                    >= 2.4.2

Description
===========

When stream_auth handler is defined for URL authentication and a request is sent without login credentials, a Denial of Service condition can occur.

Impact
======

A remote attacker could possibly cause a Denial of Service condition.

Workaround
==========

Users of affected versions can change stream_auth mountpoints to use password authentication instead.

Resolution
==========

All icecast users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/icecast-2.4.2"

References
==========

[ 1 ] CVE-2015-3026
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3026

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/201508-03

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-13106
2015-08-10 07:09:51
--------------------------------------------------------------------------------

Name        : icecast
Product     : Fedora 23
Version     : 2.4.2
Release     : 1.fc23
URL         : https://www.icecast.org/
Summary     : ShoutCast compatible streaming media server
Description :
Icecast is a streaming media server which currently supports Ogg Vorbis and MP3 audio streams. It can be used to create an Internet radio station or a privately running jukebox and many things in between. It is very versatile in that new formats can be added relatively easily and supports open standards for communication and interaction.
--------------------------------------------------------------------------------
Update Information:

* update to 2.4.2
* fix CVE-2015-3026
* use %license on Fedora 22+
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1210198 - CVE-2015-3026 icecast: NULL pointer dereference in stream_auth handler leading to DoS
        https://bugzilla.redhat.com/show_bug.cgi?id=1210198
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update icecast'
at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
Arch Linux Security Advisory ASA-201504-12
==========================================

Severity: Medium
Date    : 2015-04-11
CVE-ID  : CVE-2015-3026
Package : icecast
Type    : denial of service
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
=======

The package icecast before version 2.4.2-1 is vulnerable to denial of service.

Resolution
==========

Upgrade to 2.4.2-1.

# pacman -Syu "icecast>=2.4.2-1"

The problem has been fixed upstream in version 2.4.2.

Workaround
==========

None.

Description
===========

CVE-2015-3026 (denial of service):

The bug can only be triggered if "stream_auth" is being used. This means that all installations that use a default configuration are NOT affected. The default configuration only uses . Neither are simple mountpoints affected that use . A workaround, if installing an updated package is not possible, is to disable "stream_auth" and use instead.

As far as we understand, the bug only leads to a simple remote denial of service. The underlying issue is a null pointer dereference. For clarity: no remote code execution should be possible; the server just segfaults.

Impact
======

An attacker could kill the icecast server by triggering it with a special URL, due to a null pointer dereference.

References
==========

https://seclists.org/oss-sec/2015/q2/78
https://seclists.org/oss-sec/2015/q2/80
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3026
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782120
http://lists.xiph.org/pipermail/icecast-dev/2015-April/002460.html
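Both the Gentoo advisory (GLSA 201508-03) and the Arch advisory (ASA-201504-12) above point at the same mitigation while a patched package is pending: move any mount that relies on a stream_auth URL handler to plain password authentication. The icecast.xml fragment below is an added illustration, not part of any advisory on this page; the mount name, the auth endpoint hostname and the password value are placeholders, and the two <mount> blocks show the same mount written both ways (a real config would contain only one of them).

```xml
<!-- Added example; not from the advisories above. Mount name, hostname and
     password are placeholders. -->

<!-- Affected pattern: URL authentication with a stream_auth handler.
     This is the configuration in which icecast < 2.4.2 can be crashed by a
     source request without credentials (CVE-2015-3026), and in which the
     later URL-auth header buffer overflow (CVE-2018-18820) is reachable. -->
<mount>
    <mount-name>/live.ogg</mount-name>
    <authentication type="url">
        <!-- external HTTP endpoint that approves or rejects source clients -->
        <option name="stream_auth" value="http://auth.example.invalid/stream_auth"/>
    </authentication>
</mount>

<!-- Interim workaround named by both advisories: a static source password on
     the mount. The URL-auth code path is never entered for this mount, so
     neither bug is reachable through it. Replace the placeholder with a long
     random secret and keep the config file readable only by the icecast user. -->
<mount>
    <mount-name>/live.ogg</mount-name>
    <password>REPLACE_WITH_LONG_RANDOM_SOURCE_PASSWORD</password>
</mount>
```

After editing, restart icecast and confirm in its error log that the mount loaded without an authentication section; the workaround removes the external authorization check, so re-enable URL authentication once the updated package is installed.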
Arch Linux Security Advisory ASA-201411-32
==========================================

Severity: Critical
Date    : 2014-11-28
CVE-ID  : CVE-2014-9018
Package : icecast
Type    : information leak
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE-2014

Summary
=======

The package icecast before version 2.4.1-1 is vulnerable to information leak.

Resolution
==========

Upgrade to 2.4.1-1.

# pacman -Syu "icecast>=2.4.1-1"

The problem has been fixed upstream in version 2.4.1.

Workaround
==========

Disable on-connect and on-disconnect scripts.

Description
===========

It was reported that Icecast could possibly leak the contents of on-connect scripts to clients, which may contain sensitive information. If on-connect/on-disconnect scripts are used, file descriptors of the server process remain open and could be written to or read from. Most pressing, STDIN, STDOUT and STDERR are handled. Further, all file descriptors up to 1024 are closed. There is a remaining (much lower) risk in combination of either a malicious or susceptible script and FDs above 1024.

Impact
======

A remote attacker may be able to extract sensitive information from the process memory, including but not limited to passwords.

References
==========

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9018
https://icecast.org/news/icecast-release-2_4_1/
https://bugs.archlinux.org/task/42912
https://seclists.org/oss-sec/2014/q4/716