GLSA-201412-38 : Icecast: Multiple Vulnerabilities
Medium Nessus Plugin ID 80243
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201412-38 (Icecast: Multiple Vulnerabilities)
Two vulnerabilities have been discovered in Icecast:
Icecast does not properly handle shared file descriptors (CVE-2014-9018) Supplementary group privileges are not changed (CVE-2014-9091) Impact :
A local attacker can possibly gain escalated privileges or obtain sensitive information.
There is no known workaround at this time.
SolutionAll Icecast users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=net-misc/icecast-2.4.1'