Login
Newsletter
Werbung

Sicherheit: Denial of Service in PulseAudio
Aktuelle Meldungen Distributionen
Name: Denial of Service in PulseAudio
ID: MDVSA-2015:134
Distribution: Mandriva
Plattformen: Mandriva Business Server 2.0
Datum: So, 29. März 2015, 14:11
Referenzen: http://advisories.mageia.org/MGASA-2014-0440.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3970
Applikationen: PulseAudio

Originalnachricht

This is a multi-part message in MIME format...

------------=_1427627383-10360-34

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:134
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : pulseaudio
Date : March 29, 2015
Affected: Business Server 2.0
_______________________________________________________________________

Problem Description:

Updated pulseaudio package fixes RTP remote crash vulnerability:

PulseAudio versions shipped in mbs2 were vulnerable to a remote RTP
attack which could crash the PulseAudio server simply by sending an
empty UDP packet.

Additionally, the version of PulseAudio shipped in mbs2 was a
pre-release version of PulseAudio v5 and has been updated to the
official final version.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3970
http://advisories.mageia.org/MGASA-2014-0440.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 2/X86_64:
c7173778c42dc113d5b3f5fa22c0bed4
mbs2/x86_64/lib64pulseaudio0-5.0-1.mbs2.x86_64.rpm
eb56efad6ea78e06542415b91978dac0
mbs2/x86_64/lib64pulseaudio-devel-5.0-1.mbs2.x86_64.rpm
0df303db1ceed4a22176f1b08bbfc98b
mbs2/x86_64/lib64pulsecommon5.0-5.0-1.mbs2.x86_64.rpm
efc62c8009ab642f87342b5f32b45c79
mbs2/x86_64/lib64pulsecore5.0-5.0-1.mbs2.x86_64.rpm
d2289b4e1f9ab3e0fbbda56aae56ec5a
mbs2/x86_64/lib64pulseglib20-5.0-1.mbs2.x86_64.rpm
ae94b8d766cc6c3c755d2a5cb492c4ac mbs2/x86_64/pulseaudio-5.0-1.mbs2.x86_64.rpm
5e4b67fa760fa7f69af024ad1a5340c0
mbs2/x86_64/pulseaudio-client-config-5.0-1.mbs2.x86_64.rpm
ee4e7ad07378be8e74b065eb233b6044
mbs2/x86_64/pulseaudio-esound-compat-5.0-1.mbs2.x86_64.rpm
9ca9587b15145cce0579f8dc77c6f06b
mbs2/x86_64/pulseaudio-module-bluetooth-5.0-1.mbs2.x86_64.rpm
99954fd5fb94ec709abc21df7c1c7abe
mbs2/x86_64/pulseaudio-module-equalizer-5.0-1.mbs2.x86_64.rpm
ae40837d35dd20f7fb2fb8d2f8051f6c
mbs2/x86_64/pulseaudio-module-gconf-5.0-1.mbs2.x86_64.rpm
c558e998f4b7b3e676a55d9f50ba21cc
mbs2/x86_64/pulseaudio-module-jack-5.0-1.mbs2.x86_64.rpm
5be7891d6cefe93f0c7158147e768e44
mbs2/x86_64/pulseaudio-module-lirc-5.0-1.mbs2.x86_64.rpm
04fc999181c8326081e41140550aeba3
mbs2/x86_64/pulseaudio-module-x11-5.0-1.mbs2.x86_64.rpm
e4c964e2b5cd17bc4508d595e4f37faa
mbs2/x86_64/pulseaudio-module-xen-5.0-1.mbs2.x86_64.rpm
02228e2f73af3fdd03523ee479c8abea
mbs2/x86_64/pulseaudio-module-zeroconf-5.0-1.mbs2.x86_64.rpm
92b85f86e00d4a82bfa3c98034ede5fd
mbs2/x86_64/pulseaudio-utils-5.0-1.mbs2.x86_64.rpm
256e3c1f6e1be52e2f95f7ec3431c59e mbs2/SRPMS/pulseaudio-5.0-1.mbs2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVF88omqjQ0CJFipgRAlH4AKC2jT23PGz0KcrKrX33oSifVSBXYwCcDUnM
2/X1Nk/chffE55Zz3CgKajc=
=Cnon
-----END PGP SIGNATURE-----


------------=_1427627383-10360-34
Content-Type: text/plain; charset="UTF-8";
name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://store.mandriva.com
_______________________________________________________


------------=_1427627383-10360-34--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung