Debian Security Advisory DSA 1583-1 (gnome-peercast)

The remote host is missing an update to gnome-peercast announced via advisory DSA 1583-1.

Several remote vulnerabilities have been discovered in Gnome PeerCast, the Gnome interface to PeerCast, a P2P audio and video streaming server. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-6454 Luigi Auriemma discovered that PeerCast is vulnerable to a heap overflow in the HTTP server code, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request. CVE-2008-2040 Nico Golde discovered that PeerCast, a P2P audio and video streaming server, is vulnerable to a buffer overflow in the HTTP Basic Authentication code, allowing a remote attacker to crash PeerCast or execure arbitrary code. For the stable distribution (etch), these problems have been fixed in version 0.5.4-1.1etch0. For the unstable distribution (sid), the first issue has been fixed in 0.5.4-1.2. The second issue will be fixed soon. We recommend that you upgrade your gnome-peercast package.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201583-1