DSA-1764-1 tunapie -- severalID: oval:org.secpod.oval:def:600337 | Date: (C)2011-05-13 (M)2022-10-10 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in Tunapie, a GUI frontend to video and radio streams. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1253 Kees Cook discovered that insecure handling of temporary files may lead to local denial of service through symlink attacks. CVE-2009-1254 Mike Coleman discovered that insufficient escaping of stream URLs may lead to the execution of arbitrary commands if a user is tricked into opening a malformed stream URL. For the old stable distribution , these problems have been fixed in version 1.3.1-1+etch2. Due to a technical problem, this update cannot be released synchronously with the stable version, but will appear soon. For the stable distribution , these problems have been fixed in version 2.1.8-2. For the unstable distribution , these problems will be fixed soon. We recommend that you upgrade your tunapie package.