ALT-PU-2018-2245-1
Closed vulnerabilities
Published: 2012-11-20
Modified: 2025-04-11
Modified: 2025-04-11
CVE-2011-4612
icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the error loc (error.log) via a crafted URL.
Severity: MEDIUM (5.0)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
References:
- http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090668.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090695.html
- http://www.icecast.org/
- https://bugzilla.redhat.com/show_bug.cgi?id=768176
- http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090668.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090695.html
- http://www.icecast.org/
- https://bugzilla.redhat.com/show_bug.cgi?id=768176
Published: 2014-12-03
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2014-9018
Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors.
Severity: MEDIUM (5.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
References:
- http://icecast.org/news/icecast-release-2_4_1/
- http://lists.opensuse.org/opensuse-updates/2014-12/msg00038.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:231
- http://www.openwall.com/lists/oss-security/2014/11/19/23
- http://www.openwall.com/lists/oss-security/2014/11/20/22
- http://www.securityfocus.com/bid/71312
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98991
- https://trac.xiph.org/ticket/2087
- https://trac.xiph.org/ticket/2089
- http://icecast.org/news/icecast-release-2_4_1/
- http://lists.opensuse.org/opensuse-updates/2014-12/msg00038.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:231
- http://www.openwall.com/lists/oss-security/2014/11/19/23
- http://www.openwall.com/lists/oss-security/2014/11/20/22
- http://www.securityfocus.com/bid/71312
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98991
- https://trac.xiph.org/ticket/2087
- https://trac.xiph.org/ticket/2089
Published: 2014-12-10
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2014-9091
Icecast before 2.4.0 does not change the supplementary group privileges when
Severity: MEDIUM (4.6)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
References:
- http://icecast.org/news/icecast-release-2_4_0/
- http://lists.opensuse.org/opensuse-updates/2014-12/msg00037.html
- http://seclists.org/oss-sec/2014/q4/794
- http://seclists.org/oss-sec/2014/q4/802
- https://bugzilla.redhat.com/show_bug.cgi?id=1168146
- https://trac.xiph.org/changeset/19137/
- http://icecast.org/news/icecast-release-2_4_0/
- http://lists.opensuse.org/opensuse-updates/2014-12/msg00037.html
- http://seclists.org/oss-sec/2014/q4/794
- http://seclists.org/oss-sec/2014/q4/802
- https://bugzilla.redhat.com/show_bug.cgi?id=1168146
- https://trac.xiph.org/changeset/19137/
Published: 2015-04-29
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2015-3026
Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to "admin/killsource?mount=/test.ogg."
Severity: MEDIUM (5.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163859.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164061.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164074.html
- http://lists.opensuse.org/opensuse-updates/2015-04/msg00030.html
- http://lists.xiph.org/pipermail/icecast-dev/2015-April/002460.html
- http://www.debian.org/security/2015/dsa-3239
- http://www.openwall.com/lists/oss-security/2015/04/08/11
- http://www.openwall.com/lists/oss-security/2015/04/08/8
- http://www.securityfocus.com/bid/73965
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782120
- https://security.gentoo.org/glsa/201508-03
- https://trac.xiph.org/changeset/27abfbbd688df3e3077b535997330aa06603250f/icecast-server
- https://trac.xiph.org/ticket/2191
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163859.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164061.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164074.html
- http://lists.opensuse.org/opensuse-updates/2015-04/msg00030.html
- http://lists.xiph.org/pipermail/icecast-dev/2015-April/002460.html
- http://www.debian.org/security/2015/dsa-3239
- http://www.openwall.com/lists/oss-security/2015/04/08/11
- http://www.openwall.com/lists/oss-security/2015/04/08/8
- http://www.securityfocus.com/bid/73965
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782120
- https://security.gentoo.org/glsa/201508-03
- https://trac.xiph.org/changeset/27abfbbd688df3e3077b535997330aa06603250f/icecast-server
- https://trac.xiph.org/ticket/2191