==========================================================================
Ubuntu Security Notice USN-4355-1
May 12, 2020
pulseaudio vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 20.04 LTS
– Ubuntu 19.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
Summary:
PulseAudio could allow unintended access to snap packages.
Software Description:
– pulseaudio: PulseAudio sound server
Details:
PulseAudio in Ubuntu contains additional functionality to mediate audio
recording for snap packages and it was discovered that this functionality
did not mediate PulseAudio module unloading. An attacker-controlled snap
with only the audio-playback interface connected could exploit this to
bypass access controls and record audio.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
pulseaudio 1:13.99.1-1ubuntu3.2
Ubuntu 19.10:
pulseaudio 1:13.0-1ubuntu1.2
Ubuntu 18.04 LTS:
pulseaudio 1:11.1-1ubuntu7.7
Ubuntu 16.04 LTS:
pulseaudio 1:8.0-0ubuntu3.12
After a standard system update you need to restart your session to make
all the necessary changes.
References:
https://usn.ubuntu.com/4355-1
CVE-2020-11931, https://launchpad.net/bugs/1877102
Package Information:
https://launchpad.net/ubuntu/+source/pulseaudio/1:13.99.1-1ubuntu3.2
https://launchpad.net/ubuntu/+source/pulseaudio/1:13.0-1ubuntu1.2
https://launchpad.net/ubuntu/+source/pulseaudio/1:11.1-1ubuntu7.7
https://launchpad.net/ubuntu/+source/pulseaudio/1:8.0-0ubuntu3.12
—–BEGIN PGP SIGNATURE—–
iQIzBAABCgAdFiEETCDAa12L3miIVNKKUdvcWMxVlXMFAl668sUACgkQUdvcWMxV
lXPLhg//RtllA3Q744oo1fODslVHnYPwPJ1q8u04VutEP1Sqycwv4n5fje3FVJ3z
9WgXhY3RaLXLINh+CCOWwJX2H2+uMs2FN499iFmkF+cKAtAsjXZlw7c/+/7iELsp
v6gyjWHhdzpqDZvlNQVNvh9W8De57CV4zjQZhtbLu+PdB/mNIURj+tJHYlxDxP3O
mKZl1LnzB+6au4MaFUXQm1eKcOnGNjlUg/0TrDWSWEd74Y3IRk17zGcx6c1Y5WcY
Z7bDPRxOyhdHhei+3UEFPlBCszn9XsqqMr1fOtuIH5ScX9NdxUk6AJwyjqe9VfpC
UixLUDqSIHNOeq85aiJxh9sy/Lo7Fyog7tx7aMRfTfGUp11jHGRMegS+8sYKjABJ
3ghjEbCsdsy7Clh2XyW3tGQMPtWkObyby5nZxl9kYHIHNaFk9uzBFkSZ3Ivhsse7
9/clJ6D5/Ua07iw5xxYo3OZM3Q26Zn6rZmFYK6Zhv+vDWgxs4B5KVgXBfz1SWbsQ
dHo4iPt1dZj6Fw6mv74FEIuqpwq3uflTiLJHnmuRwCZY1pOMTsHm69AEbphIg25l
wOwDS5Q7jNHu/fbxpOjgyK300tiGC3kfT58JHN5KgBYyTezbViQGhjZLKZAuEpFQ
6QBjtGqZmIwHZiazhNDM7zPq3xJzVZQGkGWbTC8VZCbBVMqjCrA=
=yCz8
—–END PGP SIGNATURE—–
—