Candidate: CVE-2014-9091
PublicDate: 2014-12-10 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9091
 https://trac.xiph.org/changeset/19137/
 http://www.openwall.com/lists/oss-security/2014/11/26
Description:
 Icecast before 2.4.0 does not change the supplementary group privileges
 when <changeowner> is configured, which allows local users to gain
 privileges via unspecified vectors.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/icecast2/+bug/1449771
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_icecast2:
 upstream: https://trac.xiph.org/changeset/19137/
upstream_icecast2: released (2.4.0-1)
lucid_icecast2: ignored (reached end-of-life)
precise_icecast2: ignored (reached end-of-life)
precise/esm_icecast2: DNE (precise was needed)
trusty_icecast2: released (2.3.3-2ubuntu1.14.04.1)
trusty/esm_icecast2: DNE (trusty was released [2.3.3-2ubuntu1.14.04.1])
utopic_icecast2: released (2.3.3-2ubuntu1.14.10.1)
vivid_icecast2: not-affected (2.4.0-1)
vivid/stable-phone-overlay_icecast2: DNE
vivid/ubuntu-core_icecast2: DNE
wily_icecast2: not-affected (2.4.0-1)
xenial_icecast2: not-affected (2.4.0-1)
yakkety_icecast2: not-affected (2.4.0-1)
zesty_icecast2: not-affected (2.4.0-1)
devel_icecast2: not-affected (2.4.0-1)