Advisories » MGASA-2014-0494

Updated icecast package fixes security vulnerability

Publication date: 26 Nov 2014
Modification date: 26 Nov 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-9018

Description

Icecast did not properly handle the launching of "scripts" on connect
or disconnect of sources. This could result in sensitive information
from these scripts leaking to (external) clients. (CVE-2014-9018)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=14629
• https://trac.xiph.org/ticket/2089
• https://trac.xiph.org/ticket/2087
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770222
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9018

SRPMS

4/core

• icecast-2.3.2-8.1.mga4

3/core

• icecast-2.3.2-7.1.mga3