Package: icecast2
Severity: grave
Tags: security
Justification: user security hole

Several security issues have been reported for Icecast2. Please refer to
the CAN IDs in the changelog when fixing them:

CAN-2005-0838:
Multiple buffer overflows in the XSL parser may cause DoS and possibly
remote code execution through overly long values in the xsl:when and
xsl:if tags and overly long select values in the xsl:value-of tag.

CAN-2005-0839:
A remote attacker can bypass security measures and can obtain access to
XSL files through a request for an xsl-file with a trailing dot.

See these URLs for reference:
http://xforce.iss.net/xforce/xfdb/19760/
http://xforce.iss.net/xforce/xfdb/19753/

I could not find fixes on the Icecast website; please contact upstream for
a solution.

Cheers,
        Moritz

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
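
The trailing-dot request described under CAN-2005-0839, shown as an added example that is not part of the original report and not Icecast code. It assumes the server picks the XSLT handler by filename suffix and that the underlying filesystem resolves a name with a trailing dot to the same file; the handler names and sample paths are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical handler kinds; not Icecast's own names. */
enum handler { HANDLER_REJECT, HANDLER_XSLT, HANDLER_STATIC };

/* Case-insensitive test for a literal suffix on the first len bytes of s. */
static int has_suffix(const char *s, size_t len, const char *suffix)
{
    size_t n = strlen(suffix);
    if (len < n)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)s[len - n + i]) != (unsigned char)suffix[i])
            return 0;
    return 1;
}

/* Weak form: "/status.xsl." does not end in ".xsl", so it falls through to
 * the static-file path and the raw stylesheet would be returned. */
enum handler classify_naive(const char *path)
{
    return has_suffix(path, strlen(path), ".xsl") ? HANDLER_XSLT : HANDLER_STATIC;
}

/* Hardened form: refuse names whose last character the filesystem may
 * silently drop (dot or space), then apply the suffix test. */
enum handler classify_hardened(const char *path)
{
    size_t len = strlen(path);
    if (len == 0 || path[len - 1] == '.' || path[len - 1] == ' ')
        return HANDLER_REJECT;
    return has_suffix(path, len, ".xsl") ? HANDLER_XSLT : HANDLER_STATIC;
}

int main(void)
{
    /* Constructed sample request paths. */
    const char *samples[] = { "/status.xsl", "/status.xsl.", "/status.XSL", "/style.css" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-14s naive=%d hardened=%d\n", samples[i],
               classify_naive(samples[i]), classify_hardened(samples[i]));
    return 0;
}
```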
