A vulnerability in Icecast can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an out-of-bounds read error within the web interface when handling Basic Authorization requests. This can be exploited to crash the application by passing a specially crafted, overly long string (about 3000 bytes) in an "Authorization:" header.
The vulnerability has been confirmed in version 2.0.0 for Windows. Other versions may also be affected.
Icecast 2.0.1 has been released to plug the hole.
See http://secunia.com/advisories/11578/ for the advisory.
Like the Xiph guys say, "this release contains ONLY the fix for this issue" so it shouldn't be a painful upgrade.
Sound guys, could you bump the ebuild to 2.0.1?
2.0.1 is in CVS.
x86, sparc, amd64, please test/mark stable.
Stable on x86 + amd64
Already marked stable on sparc, but tested here and it's good to go.
GLSA draft in progress