A CVE was requested for a security issue fixed in icecast 2.4.2: http://openwall.com/lists/oss-security/2015/04/08/8 Mageia 5 is affected. Mageia 4 has 2.3.2 and the issue was introduced in 2.3.3, so it is not affected. The icecast package should be updated to 2.4.2 (as 2.3.3 is EOL) or dropped. There is PoC information in the message linked above. Reproducible: Steps to Reproduce:
CC: (none) => cjwWhiteboard: (none) => MGA5TOO
Thanks, icecast 2.4.2 built and install-tested on cauldron. Now I only need to test if it produces a proper audio stream.
Assignee: bugsquad => cjw
CVE-2015-3026 has been assigned: http://openwall.com/lists/oss-security/2015/04/08/11
Summary: icecast new security issue fixed upstream in 2.4.2 => icecast new security issue fixed upstream in 2.4.2 (CVE-2015-3026)
icecast-2.4.2-1.mga5 uploaded for Cauldron. Thanks Christiaan!
Status: NEW => RESOLVEDResolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/640165/Whiteboard: MGA5TOO => (none)