Security: mt-daapd DAAP audio server

last updated in Categories Debian Linux, GNU/Open source, Linux, Security Alert

Three vulnerabilities have been discovered in the mt-daapd DAAP audio server (also known as the Firefly Media Server). The Common Vulnerabilities and Exposures project identifies the following three problems:

Insufficient validation and bounds checking of the Authorization: HTTP header enables a heap buffer overflow, potentially enabling the execution of arbitrary code.

Format string vulnerabilities in debug logging within the authentication of XML-RPC requests could enable the execution of arbitrary code.

An integer overflow weakness in the handling of HTTP POST variables could allow a heap buffer overflow and potentially arbitrary code execution.

How do I patch my system?

Simply type the following command:
# apt-get update
# apt-get upgrade

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.