Bugzilla – Bug 906538
VUL-0: CVE-2014-9018: icecast: possible leak of on-connect scripts
Last modified: 2015-02-19 02:33:49 UTC
rh#1165880 It was reported that Icecast could possibly leak the contents of on-connect scripts, which may contain sensitive information. This issue has been fixed in the 2.4.1 release. References: https://bugzilla.redhat.com/show_bug.cgi?id=1165880 https://trac.xiph.org/changeset/19312 https://trac.xiph.org/attachment/ticket/2087/env-nofeature.patch https://trac.xiph.org/ticket/2089 http://icecast.org/news/icecast-release-2_4_1/
bugbot adjusting priority
This is an autogenerated message for OBS integration: This bug (906538) was mentioned in https://build.opensuse.org/request/show/263121 12.3 / icecast https://build.opensuse.org/request/show/263122 13.1 / icecast https://build.opensuse.org/request/show/263123 13.2 / icecast
The fixed packages are submitted to openSUSE 12.3, 13.1 and 13.2. SLE don't contain this package.
openSUSE-SU-2014:1591-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 906538,907300 CVE References: CVE-2014-9018,CVE-2014-9091 Sources used: openSUSE 13.1 (src): icecast-2.3.3-2.12.1 openSUSE 12.3 (src): icecast-2.3.2-72.4.1
openSUSE-SU-2014:1593-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 906538 CVE References: CVE-2014-9018 Sources used: openSUSE 13.2 (src): icecast-2.4.0-2.8.1