ALT-PU-2018-1067-1
Closed vulnerabilities
Modified: 2024-11-21
CVE-2011-4612
icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the error loc (error.log) via a crafted URL.
Modified: 2024-11-21
CVE-2014-9018
Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors.
- http://icecast.org/news/icecast-release-2_4_1/
- http://icecast.org/news/icecast-release-2_4_1/
- openSUSE-SU-2014:1593
- openSUSE-SU-2014:1593
- MDVSA-2014:231
- MDVSA-2014:231
- [oss-security] 20141120 CVE request: icecast: possible leak of on-connect scripts
- [oss-security] 20141120 CVE request: icecast: possible leak of on-connect scripts
- [oss-security] 20141120 Re: CVE request: icecast: possible leak of on-connect scripts
- [oss-security] 20141120 Re: CVE request: icecast: possible leak of on-connect scripts
- 71312
- 71312
- icecast-cve20149091-priv-esc(98991)
- icecast-cve20149091-priv-esc(98991)
- https://trac.xiph.org/ticket/2087
- https://trac.xiph.org/ticket/2087
- https://trac.xiph.org/ticket/2089
- https://trac.xiph.org/ticket/2089
Modified: 2024-11-21
CVE-2014-9091
Icecast before 2.4.0 does not change the supplementary group privileges when
- http://icecast.org/news/icecast-release-2_4_0/
- http://icecast.org/news/icecast-release-2_4_0/
- openSUSE-SU-2014:1591
- openSUSE-SU-2014:1591
- [oss-security] 20141125 Re: Re: CVE request: icecast: possible leak of on-connect scripts
- [oss-security] 20141125 Re: Re: CVE request: icecast: possible leak of on-connect scripts
- [oss-security] 20141126 Re: CVE request: icecast: possible leak of on-connect scripts
- [oss-security] 20141126 Re: CVE request: icecast: possible leak of on-connect scripts
- https://bugzilla.redhat.com/show_bug.cgi?id=1168146
- https://bugzilla.redhat.com/show_bug.cgi?id=1168146
- https://trac.xiph.org/changeset/19137/
- https://trac.xiph.org/changeset/19137/
Modified: 2024-11-21
CVE-2015-3026
Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to "admin/killsource?mount=/test.ogg."
- FEDORA-2015-13106
- FEDORA-2015-13106
- FEDORA-2015-13077
- FEDORA-2015-13077
- FEDORA-2015-13083
- FEDORA-2015-13083
- openSUSE-SU-2015:0728
- openSUSE-SU-2015:0728
- [Icecast-dev] 20150408 Icecast 2.4.2 - security release
- [Icecast-dev] 20150408 Icecast 2.4.2 - security release
- DSA-3239
- DSA-3239
- [oss-security] 20150408 Re: CVE Request for Icecast 2.3.3, 2.4.0, 2.4.1, fixed in 2.4.2
- [oss-security] 20150408 Re: CVE Request for Icecast 2.3.3, 2.4.0, 2.4.1, fixed in 2.4.2
- [oss-security] 20150408 CVE Request for Icecast 2.3.3, 2.4.0, 2.4.1, fixed in 2.4.2
- [oss-security] 20150408 CVE Request for Icecast 2.3.3, 2.4.0, 2.4.1, fixed in 2.4.2
- 73965
- 73965
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782120
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782120
- GLSA-201508-03
- GLSA-201508-03
- https://trac.xiph.org/changeset/27abfbbd688df3e3077b535997330aa06603250f/icecast-server
- https://trac.xiph.org/changeset/27abfbbd688df3e3077b535997330aa06603250f/icecast-server
- https://trac.xiph.org/ticket/2191
- https://trac.xiph.org/ticket/2191