drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Rechteprüfung in PulseAudio
Name: |
Mangelnde Rechteprüfung in PulseAudio |
|
ID: |
USN-4355-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 19.10, Ubuntu 20.04 LTS |
|
Datum: |
Mi, 13. Mai 2020, 07:42 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11931 |
|
Applikationen: |
PulseAudio |
|
Originalnachricht |
--===============0674810119788106717== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="dLXnlYbDJNCwF3YM" Content-Disposition: inline
--dLXnlYbDJNCwF3YM Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-4355-1 May 12, 2020
pulseaudio vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS - Ubuntu 19.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS
Summary:
PulseAudio could allow unintended access to snap packages.
Software Description: - pulseaudio: PulseAudio sound server
Details:
PulseAudio in Ubuntu contains additional functionality to mediate audio recording for snap packages and it was discovered that this functionality did not mediate PulseAudio module unloading. An attacker-controlled snap with only the audio-playback interface connected could exploit this to bypass access controls and record audio.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS: pulseaudio 1:13.99.1-1ubuntu3.2
Ubuntu 19.10: pulseaudio 1:13.0-1ubuntu1.2
Ubuntu 18.04 LTS: pulseaudio 1:11.1-1ubuntu7.7
Ubuntu 16.04 LTS: pulseaudio 1:8.0-0ubuntu3.12
After a standard system update you need to restart your session to make all the necessary changes.
References: https://usn.ubuntu.com/4355-1 CVE-2020-11931, https://launchpad.net/bugs/1877102
Package Information: https://launchpad.net/ubuntu/+source/pulseaudio/1:13.99.1-1ubuntu3.2 https://launchpad.net/ubuntu/+source/pulseaudio/1:13.0-1ubuntu1.2 https://launchpad.net/ubuntu/+source/pulseaudio/1:11.1-1ubuntu7.7 https://launchpad.net/ubuntu/+source/pulseaudio/1:8.0-0ubuntu3.12
--dLXnlYbDJNCwF3YM Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEETCDAa12L3miIVNKKUdvcWMxVlXMFAl668sUACgkQUdvcWMxV lXPLhg//RtllA3Q744oo1fODslVHnYPwPJ1q8u04VutEP1Sqycwv4n5fje3FVJ3z 9WgXhY3RaLXLINh+CCOWwJX2H2+uMs2FN499iFmkF+cKAtAsjXZlw7c/+/7iELsp v6gyjWHhdzpqDZvlNQVNvh9W8De57CV4zjQZhtbLu+PdB/mNIURj+tJHYlxDxP3O mKZl1LnzB+6au4MaFUXQm1eKcOnGNjlUg/0TrDWSWEd74Y3IRk17zGcx6c1Y5WcY Z7bDPRxOyhdHhei+3UEFPlBCszn9XsqqMr1fOtuIH5ScX9NdxUk6AJwyjqe9VfpC UixLUDqSIHNOeq85aiJxh9sy/Lo7Fyog7tx7aMRfTfGUp11jHGRMegS+8sYKjABJ 3ghjEbCsdsy7Clh2XyW3tGQMPtWkObyby5nZxl9kYHIHNaFk9uzBFkSZ3Ivhsse7 9/clJ6D5/Ua07iw5xxYo3OZM3Q26Zn6rZmFYK6Zhv+vDWgxs4B5KVgXBfz1SWbsQ dHo4iPt1dZj6Fw6mv74FEIuqpwq3uflTiLJHnmuRwCZY1pOMTsHm69AEbphIg25l wOwDS5Q7jNHu/fbxpOjgyK300tiGC3kfT58JHN5KgBYyTezbViQGhjZLKZAuEpFQ 6QBjtGqZmIwHZiazhNDM7zPq3xJzVZQGkGWbTC8VZCbBVMqjCrA= =yCz8 -----END PGP SIGNATURE-----
--dLXnlYbDJNCwF3YM--
--===============0674810119788106717== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
|
|
|
|