drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Rechteprüfung in PulseAudio
| Name: |
Mangelnde Rechteprüfung in PulseAudio |
|
| ID: |
USN-4355-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 19.10, Ubuntu 20.04 LTS |
|
| Datum: |
Mi, 13. Mai 2020, 07:42 |
|
| Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11931 |
|
| Applikationen: |
PulseAudio |
|
Originalnachricht |
--===============0674810119788106717==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="dLXnlYbDJNCwF3YM"
Content-Disposition: inline
--dLXnlYbDJNCwF3YM
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
==========================================================================
Ubuntu Security Notice USN-4355-1
May 12, 2020
pulseaudio vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 19.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
PulseAudio could allow unintended access to snap packages.
Software Description:
- pulseaudio: PulseAudio sound server
Details:
PulseAudio in Ubuntu contains additional functionality to mediate audio
recording for snap packages and it was discovered that this functionality
did not mediate PulseAudio module unloading. An attacker-controlled snap
with only the audio-playback interface connected could exploit this to
bypass access controls and record audio.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
pulseaudio 1:13.99.1-1ubuntu3.2
Ubuntu 19.10:
pulseaudio 1:13.0-1ubuntu1.2
Ubuntu 18.04 LTS:
pulseaudio 1:11.1-1ubuntu7.7
Ubuntu 16.04 LTS:
pulseaudio 1:8.0-0ubuntu3.12
After a standard system update you need to restart your session to make
all the necessary changes.
References:
https://usn.ubuntu.com/4355-1
CVE-2020-11931, https://launchpad.net/bugs/1877102
Package Information:
https://launchpad.net/ubuntu/+source/pulseaudio/1:13.99.1-1ubuntu3.2
https://launchpad.net/ubuntu/+source/pulseaudio/1:13.0-1ubuntu1.2
https://launchpad.net/ubuntu/+source/pulseaudio/1:11.1-1ubuntu7.7
https://launchpad.net/ubuntu/+source/pulseaudio/1:8.0-0ubuntu3.12
--dLXnlYbDJNCwF3YM
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEETCDAa12L3miIVNKKUdvcWMxVlXMFAl668sUACgkQUdvcWMxV
lXPLhg//RtllA3Q744oo1fODslVHnYPwPJ1q8u04VutEP1Sqycwv4n5fje3FVJ3z
9WgXhY3RaLXLINh+CCOWwJX2H2+uMs2FN499iFmkF+cKAtAsjXZlw7c/+/7iELsp
v6gyjWHhdzpqDZvlNQVNvh9W8De57CV4zjQZhtbLu+PdB/mNIURj+tJHYlxDxP3O
mKZl1LnzB+6au4MaFUXQm1eKcOnGNjlUg/0TrDWSWEd74Y3IRk17zGcx6c1Y5WcY
Z7bDPRxOyhdHhei+3UEFPlBCszn9XsqqMr1fOtuIH5ScX9NdxUk6AJwyjqe9VfpC
UixLUDqSIHNOeq85aiJxh9sy/Lo7Fyog7tx7aMRfTfGUp11jHGRMegS+8sYKjABJ
3ghjEbCsdsy7Clh2XyW3tGQMPtWkObyby5nZxl9kYHIHNaFk9uzBFkSZ3Ivhsse7
9/clJ6D5/Ua07iw5xxYo3OZM3Q26Zn6rZmFYK6Zhv+vDWgxs4B5KVgXBfz1SWbsQ
dHo4iPt1dZj6Fw6mv74FEIuqpwq3uflTiLJHnmuRwCZY1pOMTsHm69AEbphIg25l
wOwDS5Q7jNHu/fbxpOjgyK300tiGC3kfT58JHN5KgBYyTezbViQGhjZLKZAuEpFQ
6QBjtGqZmIwHZiazhNDM7zPq3xJzVZQGkGWbTC8VZCbBVMqjCrA=
=yCz8
-----END PGP SIGNATURE-----
--dLXnlYbDJNCwF3YM--
--===============0674810119788106717==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
|
|
|
|
