oss-sec mailing list archives
CVE request: icecast: possible leak of on-connect scripts
From: Murray McAllister <mmcallis () redhat com>
Date: Thu, 20 Nov 2014 10:31:54 +1100
Good morning,It was reported that Icecast could possibly leak the contents of on-connect scripts to clients, which may contain sensitive information. This issue has been fixed in the 2.4.1 release:
http://icecast.org/news/icecast-release-2_4_1/"Fix on-connect and on-disconnect script STDIN/STDOUT/STDERR corruption due to shared file descriptors."
References: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770222 https://trac.xiph.org/ticket/2089 Cheers, -- Murray McAllister / Red Hat Product Security https://bugzilla.redhat.com/show_bug.cgi?id=1165880
Current thread:
- CVE request: icecast: possible leak of on-connect scripts Murray McAllister (Nov 19)
- Re: CVE request: icecast: possible leak of on-connect scripts cve-assign (Nov 20)
- Re: Re: CVE request: icecast: possible leak of on-connect scripts jmm (Nov 25)
- Re: CVE request: icecast: possible leak of on-connect scripts cve-assign (Nov 25)
- Re: Re: CVE request: icecast: possible leak of on-connect scripts jmm (Nov 25)
- Re: CVE request: icecast: possible leak of on-connect scripts cve-assign (Nov 20)