Conectiva Linux Security Announcement - icecast

Mar 19, 2001, 20:56

Date: Mon, 19 Mar 2001 11:17:06 -0300

CONECTIVA LINUX SECURITY ANNOUNCEMENT

PACKAGE : icecast
SUMMARY : Remote buffer overflow vulnerabilities
DATE : 2001-03-19 11:15:00
ID : CLA-2001:387
RELEVANT RELEASES : 4.1, 4.2, 5.0, 5.1, 6.0

DESCRIPTION

Matt Messier (mmessier@prilnari.com) and John Viega (viega@list.org) have identified several buffer overflow and format string problems in Icecast that could be remotely exploited.

Our latest update to this software changes the package to use an unprivileged user ("icecast") for the daemon, so the impact of this vulnerability is not as high.

Recent distributions (CL >= 5.1) have this package compiled with StackGuard to make it more difficult to exploit buffer overflows.

SOLUTION

DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES

ADDITIONAL INSTRUCTIONS

rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates

(replace 6.0 with the correct version number if you are not running CL6.0)

- run: apt-get update
- after that, execute: apt-get upgrade

Detailed instructions regarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at http://distro.conectiva.com.br/seguranca/chave/?idioma=en

All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en