Your submission was sent successfully! Close

CVE-2014-9091

Published: 10 December 2014

Icecast before 2.4.0 does not change the supplementary group privileges when <changeowner> is configured, which allows local users to gain privileges via unspecified vectors.

Priority

Medium

Status

Package Release Status
icecast2
Launchpad, Ubuntu, Debian
Upstream
Released (2.4.0-1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(2.4.0-1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [2.3.3-2ubuntu1.14.04.1])
Patches:
Upstream: https://trac.xiph.org/changeset/19137/