Debian Security Advisory

DSA-1583-1 gnome-peercast -- buffer overflow

Date Reported:
20 May 2008
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 466539.
In Mitre's CVE dictionary: CVE-2007-6454, CVE-2008-2040.
More information:

Several remote vulnerabilities have been discovered in GNOME PeerCast, the GNOME interface to PeerCast, a P2P audio and video streaming server. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2007-6454

    Luigi Auriemma discovered that PeerCast is vulnerable to a heap overflow in the HTTP server code, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request.

  • CVE-2008-2040

    Nico Golde discovered that PeerCast, a P2P audio and video streaming server, is vulnerable to a buffer overflow in the HTTP Basic Authentication code, allowing a remote attacker to crash PeerCast or execute arbitrary code.

For the stable distribution (etch), these problems have been fixed in version 0.5.4-1.1etch0.

gnome-peercast has been removed from the unstable distribution (sid).

We recommend that you upgrade your gnome-peercast package.

Fixed in:

Debian GNU/Linux 4.0 (etch)

HP Precision:
Intel IA-32:
Intel IA-64:
Big-endian MIPS:
Little-endian MIPS:
IBM S/390:
Sun Sparc:

MD5 checksums of the listed files are available in the original advisory.