Ubuntu Security Notice 4640-1 - James Henstridge discovered that an Ubuntu-specific patch caused PulseAudio to incorrectly handle snap client connections. An attacker could possibly use this to expose sensitive information.
5f384fec92507bfd6ba02cc4c667a7ae9de98134147b08fe2d9c964d8a8cbf09==========================================================================
Ubuntu Security Notice USN-4640-1
November 23, 2020
pulseaudio vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
PulseAudio could be made to expose sensitive information.
Software Description:
- pulseaudio: PulseAudio sound server
Details:
James Henstridge discovered that an Ubuntu-specific patch caused
PulseAudio to incorrectly handle snap client connections. An attacker
could possibly use this to expose sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
libpulse-mainloop-glib0 1:13.99.2-1ubuntu2.1
libpulse0 1:13.99.2-1ubuntu2.1
libpulsedsp 1:13.99.2-1ubuntu2.1
pulseaudio 1:13.99.2-1ubuntu2.1
pulseaudio-equalizer 1:13.99.2-1ubuntu2.1
pulseaudio-module-bluetooth 1:13.99.2-1ubuntu2.1
pulseaudio-module-gsettings 1:13.99.2-1ubuntu2.1
pulseaudio-module-jack 1:13.99.2-1ubuntu2.1
pulseaudio-module-lirc 1:13.99.2-1ubuntu2.1
pulseaudio-module-raop 1:13.99.2-1ubuntu2.1
pulseaudio-module-zeroconf 1:13.99.2-1ubuntu2.1
pulseaudio-utils 1:13.99.2-1ubuntu2.1
Ubuntu 20.04 LTS:
libpulse-mainloop-glib0 1:13.99.1-1ubuntu3.8
libpulse0 1:13.99.1-1ubuntu3.8
libpulsedsp 1:13.99.1-1ubuntu3.8
pulseaudio 1:13.99.1-1ubuntu3.8
pulseaudio-equalizer 1:13.99.1-1ubuntu3.8
pulseaudio-module-bluetooth 1:13.99.1-1ubuntu3.8
pulseaudio-module-gsettings 1:13.99.1-1ubuntu3.8
pulseaudio-module-jack 1:13.99.1-1ubuntu3.8
pulseaudio-module-lirc 1:13.99.1-1ubuntu3.8
pulseaudio-module-raop 1:13.99.1-1ubuntu3.8
pulseaudio-module-zeroconf 1:13.99.1-1ubuntu3.8
pulseaudio-utils 1:13.99.1-1ubuntu3.8
Ubuntu 18.04 LTS:
libpulse-mainloop-glib0 1:11.1-1ubuntu7.11
libpulse0 1:11.1-1ubuntu7.11
libpulsedsp 1:11.1-1ubuntu7.11
pulseaudio 1:11.1-1ubuntu7.11
pulseaudio-equalizer 1:11.1-1ubuntu7.11
pulseaudio-esound-compat 1:11.1-1ubuntu7.11
pulseaudio-module-bluetooth 1:11.1-1ubuntu7.11
pulseaudio-module-gconf 1:11.1-1ubuntu7.11
pulseaudio-module-jack 1:11.1-1ubuntu7.11
pulseaudio-module-lirc 1:11.1-1ubuntu7.11
pulseaudio-module-raop 1:11.1-1ubuntu7.11
pulseaudio-module-zeroconf 1:11.1-1ubuntu7.11
pulseaudio-utils 1:11.1-1ubuntu7.11
Ubuntu 16.04 LTS:
libpulse-mainloop-glib0 1:8.0-0ubuntu3.15
libpulse0 1:8.0-0ubuntu3.15
libpulsedsp 1:8.0-0ubuntu3.15
pulseaudio 1:8.0-0ubuntu3.15
pulseaudio-esound-compat 1:8.0-0ubuntu3.15
pulseaudio-module-bluetooth 1:8.0-0ubuntu3.15
pulseaudio-module-droid 1:8.0-0ubuntu3.15
pulseaudio-module-gconf 1:8.0-0ubuntu3.15
pulseaudio-module-jack 1:8.0-0ubuntu3.15
pulseaudio-module-lirc 1:8.0-0ubuntu3.15
pulseaudio-module-raop 1:8.0-0ubuntu3.15
pulseaudio-module-trust-store 1:8.0-0ubuntu3.15
pulseaudio-module-x11 1:8.0-0ubuntu3.15
pulseaudio-module-zeroconf 1:8.0-0ubuntu3.15
pulseaudio-utils 1:8.0-0ubuntu3.15
After a standard system update you need to restart your session to make
all the necessary changes.
References:
https://usn.ubuntu.com/4640-1
CVE-2020-16123
Package Information:
https://launchpad.net/ubuntu/+source/pulseaudio/1:13.99.2-1ubuntu2.1
https://launchpad.net/ubuntu/+source/pulseaudio/1:13.99.1-1ubuntu3.8
https://launchpad.net/ubuntu/+source/pulseaudio/1:11.1-1ubuntu7.11
https://launchpad.net/ubuntu/+source/pulseaudio/1:8.0-0ubuntu3.15
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed