[gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-200801-22.xml - gentoo-commits

From:	"Pierre-Yves Rofes (py)" <py@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-200801-22.xml
Date:	Wed, 30 Jan 2008 23:11:10
Message-Id:	`E1JKM5C-0001MP-RG@stork.gentoo.org`

1

py          08/01/30 23:11:06

2

3

  Added:                glsa-200801-22.xml

4

  Log:

5

  GLSA 200801-22

6

7

Revision  Changes    Path

8

1.1                  xml/htdocs/security/en/glsa/glsa-200801-22.xml

9

10

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200801-22.xml?rev=1.1&view=markup

11

plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200801-22.xml?rev=1.1&content-type=text/plain

12

13

Index: glsa-200801-22.xml

14

===================================================================

15

<?xml version="1.0" encoding="utf-8"?>

16

<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>

17

<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>

18

<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">

19

20

<glsa id="200801-22">

21

  <title>PeerCast: Buffer Overflow</title>

22

  <synopsis>

23

    A buffer overflow vulnerability has been discovered in PeerCast.

24

  </synopsis>

25

  <product type="ebuild">peercast</product>

26

  <announced>January 30, 2008</announced>

27

  <revised>January 30, 2008: 01</revised>

28

  <bug>202747</bug>

29

  <access>remote</access>

30

  <affected>

31

    <package name="media-sound/peercast" auto="yes" arch="*">

32

      <unaffected range="ge">0.1218</unaffected>

33

      <vulnerable range="lt">0.1218</vulnerable>

34

    </package>

35

  </affected>

36

  <background>

37

<p>

38

    PeerCast is a client and server for P2P-radio network

39

    </p>

40

  </background>

41

  <description>

42

<p>

43

    Luigi Auriemma reported a heap-based buffer overflow within the

44

    "handshakeHTTP()" function when processing HTTP requests.

45

    </p>

46

  </description>

47

  <impact type="high">

48

<p>

49

    A remote attacker could send a specially crafted request to the

50

    vulnerable server, possibly resulting in the remote execution of

51

    arbitrary code with the privileges of the user running the PeerCast

52

    server, usually "nobody".

53

    </p>

54

  </impact>

55

  <workaround>

56

<p>

57

    There is no known workaround at this time.

58

    </p>

59

  </workaround>

60

  <resolution>

61

<p>

62

    All PeerCast users should upgrade to the latest version:

63

    </p>

64

    <code>

65

    # emerge --sync

66

    # emerge --ask --oneshot --verbose &quot;&gt;=media-sound/peercast-0.1218&quot;</code>

67

  </resolution>

68

  <references>

69

    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6454">CVE-2007-6454</uri>

70

  </references>

71

  <metadata tag="requester" timestamp="Fri, 11 Jan 2008 08:22:19 +0000">

72

p-y

73

  </metadata>

74

  <metadata tag="submitter" timestamp="Tue, 29 Jan 2008 19:51:49 +0000">

75

p-y

76

  </metadata>

77

  <metadata tag="bugReady" timestamp="Tue, 29 Jan 2008 23:04:06 +0000">

78

    falco

79

  </metadata>

80

</glsa>

--

85

gentoo-commits@l.g.o mailing list

1	py 08/01/30 23:11:06
2
3	Added: glsa-200801-22.xml
4	Log:
5	GLSA 200801-22
6
7	Revision Changes Path
8	1.1 xml/htdocs/security/en/glsa/glsa-200801-22.xml
9
10	file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200801-22.xml?rev=1.1&view=markup
11	plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200801-22.xml?rev=1.1&content-type=text/plain
12
13	Index: glsa-200801-22.xml
14	===================================================================
15	<?xml version="1.0" encoding="utf-8"?>
16	<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
17	<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
18	<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
19
20	<glsa id="200801-22">
21	<title>PeerCast: Buffer Overflow</title>
22	<synopsis>
23	A buffer overflow vulnerability has been discovered in PeerCast.
24	</synopsis>
25	<product type="ebuild">peercast</product>
26	<announced>January 30, 2008</announced>
27	<revised>January 30, 2008: 01</revised>
28	<bug>202747</bug>
29	<access>remote</access>
30	<affected>
31	<package name="media-sound/peercast" auto="yes" arch="*">
32	<unaffected range="ge">0.1218</unaffected>
33	<vulnerable range="lt">0.1218</vulnerable>
34	</package>
35	</affected>
36	<background>
37	<p>
38	PeerCast is a client and server for P2P-radio network
39	</p>
40	</background>
41	<description>
42	<p>
43	Luigi Auriemma reported a heap-based buffer overflow within the
44	"handshakeHTTP()" function when processing HTTP requests.
45	</p>
46	</description>
47	<impact type="high">
48	<p>
49	A remote attacker could send a specially crafted request to the
50	vulnerable server, possibly resulting in the remote execution of
51	arbitrary code with the privileges of the user running the PeerCast
52	server, usually "nobody".
53	</p>
54	</impact>
55	<workaround>
56	<p>
57	There is no known workaround at this time.
58	</p>
59	</workaround>
60	<resolution>
61	<p>
62	All PeerCast users should upgrade to the latest version:
63	</p>
64	<code>
65	# emerge --sync
66	# emerge --ask --oneshot --verbose ">=media-sound/peercast-0.1218"</code>
67	</resolution>
68	<references>
69	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6454">CVE-2007-6454</uri>
70	</references>
71	<metadata tag="requester" timestamp="Fri, 11 Jan 2008 08:22:19 +0000">
72	p-y
73	</metadata>
74	<metadata tag="submitter" timestamp="Tue, 29 Jan 2008 19:51:49 +0000">
75	p-y
76	</metadata>
77	<metadata tag="bugReady" timestamp="Tue, 29 Jan 2008 23:04:06 +0000">
78	falco
79	</metadata>
80	</glsa>
81
82
83
84	--
85	gentoo-commits@l.g.o mailing list

Gentoo Archives: gentoo-commits