[SECURITY] [DLA-1588-1] icecast2 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA-1588-1] icecast2 security update
From: Abhijith PA <abhijith@disroot.org>
Date: Mon, 26 Nov 2018 19:24:12 +0530
Message-id: <[🔎] 47aa625e-d234-06dd-c102-ba1fe29184ac@disroot.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : icecast2
Version        : 2.4.0-1.1+deb8u2
CVE ID         : CVE-2018-18820
Debian Bug     : 912611


A buffer overflow was discovered in the URL-authentication backend of
the icecast2, the popular open source streaming media server. If the
backend is enabled, then any malicious HTTP client can send a request
for specific resource including a crafted header which can overwrite
the server's stack contents, leading to denial of service and
potentially remote code execution.

For Debian 8 "Jessie", this problem has been fixed in version
2.4.0-1.1+deb8u2.

We recommend that you upgrade your icecast2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAlv7+wMACgkQhj1N8u2c
KO+eiw//QXEeGDc6vBF1MvdS18nb4obl0mvBTvw1wsEVO6feRfHoKgwe/gbis04I
djUt9d6+LJQHCsRM/LceQ8aZqAYReKh8HvQTtS1N1R8OUCwM3fsVMZPM5zH0yUx3
gPP46Lp2AWld+N4MDttfYgMD5Jb1BxZCLgnRy8Im7SgQy9J8D6FeDkkYhosGaddc
PthldI02Zt7bvn/P3JtLjtQq6Ebt4BIRh6kzr4w4gR1FQDAtLtvMre7ydDLqH7ab
mVTTrhpdCAlIwsxqnBbydcYOkNPiiQyU/P4CxqGOk+0rlSqn811SABJBTa/Ywc9y
jc2uRGGT5XZoqb7eHhSDGzAGlrJerr/utQYSu5HzhoKd8GNITxVxsMzHT3XDtbnf
Iq1kNj/YI/BNQysAmzDamhQK5E7fcRNDnzD1H7Dqp+2c43JcIdHwpG9oKgx9C92w
bPnJQDibenjr/3Gb7BcGznnauii2/tW1zYuKdc2h+jj491d3Po7i1hLb3Z1y3pH7
kXCDnp/z3BRZpO3boFvMCdHZTrlD0RbWwtd/QyjvZ3uuwzGvAASwNuz0g/SMqy/C
EywDEbIx6rsWso+xjM+UYTItX1sb6sfFnSjnnrQ1FeBoFWEZbgb5yqmxwuCH17PM
74wwJfdyAFJNx1o3BJgdW1r8UWS+ll1Wt963gJ6T2sI3NBqgNZ0=
=K7iP
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1596-1] squid3 security update
Next by Date: [SECURITY] [DLA-1589-1] keepalived security update
Previous by thread: [SECURITY] [DLA 1596-1] squid3 security update
Next by thread: [SECURITY] [DLA-1589-1] keepalived security update
Index(es):
- Date
- Thread