A vulnerability in Icecast can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an out-of-bounds read error within the web interface when handling Basic Authorization requests. This can be exploited to crash the application by passing a specially crafted, overly long string (about 3000 bytes) in an "Authorization:" header. The vulnerability has been confirmed in version 2.0.0 for Windows. Other versions may also be affected. Reproducible: Always. Icecast 2.0.1 has been released to plug the hole. See http://secunia.com/advisories/11578/ for the advisory.
Like the Xiph guys say, "this release contains ONLY the fix for this issue", so it shouldn't be a painful upgrade. Sound guys, could you bump the ebuild to 2.0.1?
2.0.1 is in cvs
x86, sparc, amd64, please test/mark stable.
Stable on x86 + amd64
Already marked stable on sparc, but tested here and it's good to go.
GLSA draft in progress
GLSA 200405-10