Security update for icecast SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:0728-1 Final 1 1 2015-04-09T13:23:05Z current 2015-04-09T13:23:05Z 2015-04-09T13:23:05Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for icecast The streaming server icecast was updated to fix a remote denial of service vulnerability. A remote attacker could crash icecast and cause denial of service when URL Auth is configured and used with stream_auth without credentials (bnc#926402 CVE-2015-3026) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-04/msg00030.html E-Mail link for openSUSE-SU-2015:0728-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings icecast-2.3.3-2.15.1 icecast-doc-2.3.3-2.15.1 Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to "admin/killsource?mount=/test.ogg." CVE-2015-3026 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-04/msg00030.html https://www.suse.com/security/cve/CVE-2015-3026.html CVE-2015-3026 https://bugzilla.suse.com/926402 SUSE Bug 926402