Package: icecast2
Severity: grave
Tags: security
Justification: user security hole

Several security issues have been reported for Icecast2. Please refer to
the CAN Ids in the changelog when fixing them:

CAN-2005-0838:
Multiple buffer overflows in the XSL parser may cause DoS and possibly
remote code execution through overly long values in the xsl:when and
xsl:if tags and overly long select values in the xsl:value-of tag.

CAN-2005-0839:
A remote attacker can bypass security measures and can obtain access to
XSL files through a request for an xsl-file with a trailing dot.

See these URLs for reference:
http://xforce.iss.net/xforce/xfdb/19760/
http://xforce.iss.net/xforce/xfdb/19753/

I could not find fixes on the Icecast website, please contact upstream
for a solution.

Cheers,
Moritz

-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)