ALT-PU-2018-1067-1

Обновление пакета icecast в ветке sisyphus

Версия2.4.3-alt1

Задание#198428

Опубликовано2018-01-23

Макс. серьёзностьMEDIUM

Серьёзность:

Закрытые проблемы (4)

MEDIUM5.0

icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the error loc (error.log) via a crafted URL.

Опубликовано: 2012-11-20Изменено: 2026-04-29

CVSS 2.0СРЕДНЯЯ 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N

Ссылки

MEDIUM5.0

Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors.

Опубликовано: 2014-12-03Изменено: 2025-04-12

CVSS 2.0СРЕДНЯЯ 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N

Ссылки

MEDIUM4.6

Icecast before 2.4.0 does not change the supplementary group privileges when is configured, which allows local users to gain privileges via unspecified vectors.

Опубликовано: 2014-12-10Изменено: 2025-04-12

CVSS 2.0СРЕДНЯЯ 4.6

CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:P

Ссылки

MEDIUM5.0

Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to "admin/killsource?mount=/test.ogg."

Опубликовано: 2015-04-29Изменено: 2025-04-12

CVSS 2.0СРЕДНЯЯ 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

Ссылки