Debian: New gnome-peercast packages fix several vulnerabilities
Summary
Luigi Auriemma discovered that PeerCast is vulnerable to a heap
overflow in the HTTP server code, which allows remote attackers to
cause a denial of service and possibly execute arbitrary code via a
long SOURCE request.
CVE-2008-2040
Nico Golde discovered that PeerCast, a P2P audio and video streaming
server, is vulnerable to a buffer overflow in the HTTP Basic
Authentication code, allowing a remote attacker to crash PeerCast or
execute arbitrary code.
For the stable distribution (etch), these problems have been fixed in
version 0.5.4-1.1etch0.
For the unstable distribution (sid), the first issue has been fixed in
0.5.4-1.2. The second issue will be fixed soon.
We recommend that you upgrade your gnome-peercast package.
Upgrade instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
These files will probably be moved into the stable distribution on
its next update.
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org