GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Fri Dec 26, 2014 1:26 am Post subject: [ GLSA 201412-38 ] Icecast: Multiple Vulnerabilities |
 |
|
Gentoo Linux Security Advisory
Title: Icecast: Multiple Vulnerabilities (GLSA 201412-38)
Severity: high
Exploitable: local, remote
Date: December 26, 2014
Bug(s): #529956, #530784
ID: 201412-38
Synopsis
Two vulnerabilities have been found in Icecast, possibly resulting
in privilege escalation or disclosure of information.
Background
Icecast is an open source alternative to SHOUTcast that supports MP3,
OGG (Vorbis/Theora) and AAC streaming.
Affected Packages
Package: net-misc/icecast
Vulnerable: < 2.4.1
Unaffected: >= 2.4.1
Architectures: All supported architectures
Description
Two vulnerabilities have been discovered in Icecast: - Icecast does not properly handle shared file descriptors
(CVE-2014-9018)
- Supplementary group privileges are not changed (CVE-2014-9091)
Impact
A local attacker can possibly gain escalated privileges or obtain
sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All Icecast users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/icecast-2.4.1"
|
References
CVE-2014-9018
CVE-2014-9091 |
|
News & Announcements
