You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa PulseAudio

Sigurnosni nedostatak programskog paketa PulseAudio

by - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4355-1
May 12, 2020

pulseaudio vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.04 LTS
– Ubuntu 19.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

PulseAudio could allow unintended access to snap packages.

Software Description:
– pulseaudio: PulseAudio sound server

Details:

PulseAudio in Ubuntu contains additional functionality to mediate audio
recording for snap packages and it was discovered that this functionality
did not mediate PulseAudio module unloading. An attacker-controlled snap
with only the audio-playback interface connected could exploit this to
bypass access controls and record audio.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
pulseaudio 1:13.99.1-1ubuntu3.2

Ubuntu 19.10:
pulseaudio 1:13.0-1ubuntu1.2

Ubuntu 18.04 LTS:
pulseaudio 1:11.1-1ubuntu7.7

Ubuntu 16.04 LTS:
pulseaudio 1:8.0-0ubuntu3.12

After a standard system update you need to restart your session to make
all the necessary changes.

References:
https://usn.ubuntu.com/4355-1
CVE-2020-11931, https://launchpad.net/bugs/1877102

Package Information:
https://launchpad.net/ubuntu/+source/pulseaudio/1:13.99.1-1ubuntu3.2
https://launchpad.net/ubuntu/+source/pulseaudio/1:13.0-1ubuntu1.2
https://launchpad.net/ubuntu/+source/pulseaudio/1:11.1-1ubuntu7.7
https://launchpad.net/ubuntu/+source/pulseaudio/1:8.0-0ubuntu3.12
—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEETCDAa12L3miIVNKKUdvcWMxVlXMFAl668sUACgkQUdvcWMxV
lXPLhg//RtllA3Q744oo1fODslVHnYPwPJ1q8u04VutEP1Sqycwv4n5fje3FVJ3z
9WgXhY3RaLXLINh+CCOWwJX2H2+uMs2FN499iFmkF+cKAtAsjXZlw7c/+/7iELsp
v6gyjWHhdzpqDZvlNQVNvh9W8De57CV4zjQZhtbLu+PdB/mNIURj+tJHYlxDxP3O
mKZl1LnzB+6au4MaFUXQm1eKcOnGNjlUg/0TrDWSWEd74Y3IRk17zGcx6c1Y5WcY
Z7bDPRxOyhdHhei+3UEFPlBCszn9XsqqMr1fOtuIH5ScX9NdxUk6AJwyjqe9VfpC
UixLUDqSIHNOeq85aiJxh9sy/Lo7Fyog7tx7aMRfTfGUp11jHGRMegS+8sYKjABJ
3ghjEbCsdsy7Clh2XyW3tGQMPtWkObyby5nZxl9kYHIHNaFk9uzBFkSZ3Ivhsse7
9/clJ6D5/Ua07iw5xxYo3OZM3Q26Zn6rZmFYK6Zhv+vDWgxs4B5KVgXBfz1SWbsQ
dHo4iPt1dZj6Fw6mv74FEIuqpwq3uflTiLJHnmuRwCZY1pOMTsHm69AEbphIg25l
wOwDS5Q7jNHu/fbxpOjgyK300tiGC3kfT58JHN5KgBYyTezbViQGhjZLKZAuEpFQ
6QBjtGqZmIwHZiazhNDM7zPq3xJzVZQGkGWbTC8VZCbBVMqjCrA=
=yCz8
—–END PGP SIGNATURE—–

AutorJosip Papratovic
Cert idNCERT-REF-2020-05-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci jezgre operacijskog sustava

Otkriveni su sigurnosni nedostaci jezgre operacijskog sustava RHEL. Otkriveni nedostaci potencijalnim udaljenim napadačima omogućuju izazivanje DoS stanja, izvršavanje proizvoljnog programskog...

Close