Sigurnosni nedostatak programskog paketa pulseaudio

Preporuke

by - 24. studenoga 2020.0

Detalji os-a: WN7
Važnost: IMP
Operativni sustavi: L
Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4640-1
November 23, 2020

pulseaudio vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.10
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

PulseAudio could be made to expose sensitive information.

Software Description:
– pulseaudio: PulseAudio sound server

Details:

James Henstridge discovered that an Ubuntu-specific patch caused
PulseAudio to incorrectly handle snap client connections. An attacker
could possibly use this to expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
libpulse-mainloop-glib0 1:13.99.2-1ubuntu2.1
libpulse0 1:13.99.2-1ubuntu2.1
libpulsedsp 1:13.99.2-1ubuntu2.1
pulseaudio 1:13.99.2-1ubuntu2.1
pulseaudio-equalizer 1:13.99.2-1ubuntu2.1
pulseaudio-module-bluetooth 1:13.99.2-1ubuntu2.1
pulseaudio-module-gsettings 1:13.99.2-1ubuntu2.1
pulseaudio-module-jack 1:13.99.2-1ubuntu2.1
pulseaudio-module-lirc 1:13.99.2-1ubuntu2.1
pulseaudio-module-raop 1:13.99.2-1ubuntu2.1
pulseaudio-module-zeroconf 1:13.99.2-1ubuntu2.1
pulseaudio-utils 1:13.99.2-1ubuntu2.1

Ubuntu 20.04 LTS:
libpulse-mainloop-glib0 1:13.99.1-1ubuntu3.8
libpulse0 1:13.99.1-1ubuntu3.8
libpulsedsp 1:13.99.1-1ubuntu3.8
pulseaudio 1:13.99.1-1ubuntu3.8
pulseaudio-equalizer 1:13.99.1-1ubuntu3.8
pulseaudio-module-bluetooth 1:13.99.1-1ubuntu3.8
pulseaudio-module-gsettings 1:13.99.1-1ubuntu3.8
pulseaudio-module-jack 1:13.99.1-1ubuntu3.8
pulseaudio-module-lirc 1:13.99.1-1ubuntu3.8
pulseaudio-module-raop 1:13.99.1-1ubuntu3.8
pulseaudio-module-zeroconf 1:13.99.1-1ubuntu3.8
pulseaudio-utils 1:13.99.1-1ubuntu3.8

Ubuntu 18.04 LTS:
libpulse-mainloop-glib0 1:11.1-1ubuntu7.11
libpulse0 1:11.1-1ubuntu7.11
libpulsedsp 1:11.1-1ubuntu7.11
pulseaudio 1:11.1-1ubuntu7.11
pulseaudio-equalizer 1:11.1-1ubuntu7.11
pulseaudio-esound-compat 1:11.1-1ubuntu7.11
pulseaudio-module-bluetooth 1:11.1-1ubuntu7.11
pulseaudio-module-gconf 1:11.1-1ubuntu7.11
pulseaudio-module-jack 1:11.1-1ubuntu7.11
pulseaudio-module-lirc 1:11.1-1ubuntu7.11
pulseaudio-module-raop 1:11.1-1ubuntu7.11
pulseaudio-module-zeroconf 1:11.1-1ubuntu7.11
pulseaudio-utils 1:11.1-1ubuntu7.11

Ubuntu 16.04 LTS:
libpulse-mainloop-glib0 1:8.0-0ubuntu3.15
libpulse0 1:8.0-0ubuntu3.15
libpulsedsp 1:8.0-0ubuntu3.15
pulseaudio 1:8.0-0ubuntu3.15
pulseaudio-esound-compat 1:8.0-0ubuntu3.15
pulseaudio-module-bluetooth 1:8.0-0ubuntu3.15
pulseaudio-module-droid 1:8.0-0ubuntu3.15
pulseaudio-module-gconf 1:8.0-0ubuntu3.15
pulseaudio-module-jack 1:8.0-0ubuntu3.15
pulseaudio-module-lirc 1:8.0-0ubuntu3.15
pulseaudio-module-raop 1:8.0-0ubuntu3.15
pulseaudio-module-trust-store 1:8.0-0ubuntu3.15
pulseaudio-module-x11 1:8.0-0ubuntu3.15
pulseaudio-module-zeroconf 1:8.0-0ubuntu3.15
pulseaudio-utils 1:8.0-0ubuntu3.15

After a standard system update you need to restart your session to make
all the necessary changes.

References:
https://usn.ubuntu.com/4640-1
CVE-2020-16123

Package Information:
https://launchpad.net/ubuntu/+source/pulseaudio/1:13.99.2-1ubuntu2.1
https://launchpad.net/ubuntu/+source/pulseaudio/1:13.99.1-1ubuntu3.8
https://launchpad.net/ubuntu/+source/pulseaudio/1:11.1-1ubuntu7.11
https://launchpad.net/ubuntu/+source/pulseaudio/1:8.0-0ubuntu3.15

pulseaudio vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.10
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

PulseAudio could be made to expose sensitive information.

Software Description:
– pulseaudio: PulseAudio sound server

Details:

James Henstridge discovered that an Ubuntu-specific patch caused
PulseAudio to incorrectly handle snap client connections. An attacker
could possibly use this to expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

After a standard system update you need to restart your session to make
all the necessary changes.

References:
<a class=”moz-txt-link-freetext” href=”https://usn.ubuntu.com/4640-1″>https://usn.ubuntu.com/4640-1</a>
CVE-2020-16123

Package Information:
<a class=”moz-txt-link-freetext” href=”https://launchpad.net/ubuntu/+source/pulseaudio/1:13.99.2-1ubuntu2.1″>https://launchpad.net/ubuntu/+source/pulseaudio/1:13.99.2-1ubuntu2.1</a>
<a class=”moz-txt-link-freetext” href=”https://launchpad.net/ubuntu/+source/pulseaudio/1:13.99.1-1ubuntu3.8″>https://launchpad.net/ubuntu/+source/pulseaudio/1:13.99.1-1ubuntu3.8</a>
<a class=”moz-txt-link-freetext” href=”https://launchpad.net/ubuntu/+source/pulseaudio/1:11.1-1ubuntu7.11″>https://launchpad.net/ubuntu/+source/pulseaudio/1:11.1-1ubuntu7.11</a>
<a class=”moz-txt-link-freetext” href=”https://launchpad.net/ubuntu/+source/pulseaudio/1:8.0-0ubuntu3.15″>https://launchpad.net/ubuntu/+source/pulseaudio/1:8.0-0ubuntu3.15</a>
</pre>
</div>
</body>
</html>
—–BEGIN PGP SIGNATURE—–

iQEzBAEBCAAdFiEElnO/d49FoUPK9fwytGdj0GOh2+wFAl+751kACgkQtGdj0GOh
2+w1mQgAw0VKq1uyPe/o71+10/wCCfcm5/mAOT5C6KSSdCHsKLO6lTma1B0R5QaB
y7udDe/g/a0Iu34ms5ZQmWjEYtDHvTwXI8snfxpya7l4Vyyo834SD9BdpeOSAx4T
ckb9KItvDILBmha9pYJDwXCBjRqphA1Ebz13ef6+o/8krqjFa8unbANr9NkvAalK
xAtfsbSg7Iqlz1BlmZ4T/jG/l630FuOGSR7t8sL4MqdGBoWzMtizPVuUnfIWL2IP
dStZvAp8H8pi7SozZTp9Gi6QraQzF8HaD+OOGXDqVintLRpaX4MbdeaPQl8DY98h
ViHPlSBlFiTmqx+JoLnC8nkCojz46g==
=KiDi
—–END PGP SIGNATURE—–
—

Autor	Dona Seruga
Cert id	NCERT-REF-2020-11-0001-ADV
Cve	CERT-CVE-DUMMY
ID izvornika	CERT-ORIGID-DUMMY
Proizvod	CERT-DUMMY-PRODUCT
Izvor	Adobe

Sigurnosni nedostatak programskog paketa pulseaudio

Archives

More in Preporuke

Sigurnosni nedostaci programskog paketa rmt server