The icecast-server (a streaming music server) package as distributed in Debian GNU/Linux 2.2 has several security problems: if a client added a / after the filename of a file to be downloaded the server would crash by escaping dots as E it was possible to circumvent security measures and download arbitrary files there were several buffer overflows that could be exploited to gain root access These have been fixed in version 1.3.10-1, and we strongly recommend that you upgrade your icecast-server package immediately. The i386 package mentioned in the DSA-089-1 advisory was incorrectly compiled and will not run on Debian GNU/Linux potato machines. This has been corrected in version 1.3.10-1.1.
The icecast-server (a streaming music server) package as distributed in Debian GNU/Linux 2.2 has several security problems:
These have been fixed in version 1.3.10-1, and we strongly recommend that you upgrade your icecast-server package immediately.
The i386 package mentioned in the DSA-089-1 advisory was incorrectly compiled and will not run on Debian GNU/Linux potato machines. This has been corrected in version 1.3.10-1.1.
MD5 checksums of the listed files are available in the original advisory. (DSA-089-2)