You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa pulseaudio

Sigurnosni nedostatak programskog paketa pulseaudio

==========================================================================
Ubuntu Security Notice USN-4640-1
November 23, 2020

pulseaudio vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.10
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

PulseAudio could be made to expose sensitive information.

Software Description:
– pulseaudio: PulseAudio sound server

Details:

James Henstridge discovered that an Ubuntu-specific patch caused
PulseAudio to incorrectly handle snap client connections. An attacker
could possibly use this to expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
libpulse-mainloop-glib0 1:13.99.2-1ubuntu2.1
libpulse0 1:13.99.2-1ubuntu2.1
libpulsedsp 1:13.99.2-1ubuntu2.1
pulseaudio 1:13.99.2-1ubuntu2.1
pulseaudio-equalizer 1:13.99.2-1ubuntu2.1
pulseaudio-module-bluetooth 1:13.99.2-1ubuntu2.1
pulseaudio-module-gsettings 1:13.99.2-1ubuntu2.1
pulseaudio-module-jack 1:13.99.2-1ubuntu2.1
pulseaudio-module-lirc 1:13.99.2-1ubuntu2.1
pulseaudio-module-raop 1:13.99.2-1ubuntu2.1
pulseaudio-module-zeroconf 1:13.99.2-1ubuntu2.1
pulseaudio-utils 1:13.99.2-1ubuntu2.1

Ubuntu 20.04 LTS:
libpulse-mainloop-glib0 1:13.99.1-1ubuntu3.8
libpulse0 1:13.99.1-1ubuntu3.8
libpulsedsp 1:13.99.1-1ubuntu3.8
pulseaudio 1:13.99.1-1ubuntu3.8
pulseaudio-equalizer 1:13.99.1-1ubuntu3.8
pulseaudio-module-bluetooth 1:13.99.1-1ubuntu3.8
pulseaudio-module-gsettings 1:13.99.1-1ubuntu3.8
pulseaudio-module-jack 1:13.99.1-1ubuntu3.8
pulseaudio-module-lirc 1:13.99.1-1ubuntu3.8
pulseaudio-module-raop 1:13.99.1-1ubuntu3.8
pulseaudio-module-zeroconf 1:13.99.1-1ubuntu3.8
pulseaudio-utils 1:13.99.1-1ubuntu3.8

Ubuntu 18.04 LTS:
libpulse-mainloop-glib0 1:11.1-1ubuntu7.11
libpulse0 1:11.1-1ubuntu7.11
libpulsedsp 1:11.1-1ubuntu7.11
pulseaudio 1:11.1-1ubuntu7.11
pulseaudio-equalizer 1:11.1-1ubuntu7.11
pulseaudio-esound-compat 1:11.1-1ubuntu7.11
pulseaudio-module-bluetooth 1:11.1-1ubuntu7.11
pulseaudio-module-gconf 1:11.1-1ubuntu7.11
pulseaudio-module-jack 1:11.1-1ubuntu7.11
pulseaudio-module-lirc 1:11.1-1ubuntu7.11
pulseaudio-module-raop 1:11.1-1ubuntu7.11
pulseaudio-module-zeroconf 1:11.1-1ubuntu7.11
pulseaudio-utils 1:11.1-1ubuntu7.11

Ubuntu 16.04 LTS:
libpulse-mainloop-glib0 1:8.0-0ubuntu3.15
libpulse0 1:8.0-0ubuntu3.15
libpulsedsp 1:8.0-0ubuntu3.15
pulseaudio 1:8.0-0ubuntu3.15
pulseaudio-esound-compat 1:8.0-0ubuntu3.15
pulseaudio-module-bluetooth 1:8.0-0ubuntu3.15
pulseaudio-module-droid 1:8.0-0ubuntu3.15
pulseaudio-module-gconf 1:8.0-0ubuntu3.15
pulseaudio-module-jack 1:8.0-0ubuntu3.15
pulseaudio-module-lirc 1:8.0-0ubuntu3.15
pulseaudio-module-raop 1:8.0-0ubuntu3.15
pulseaudio-module-trust-store 1:8.0-0ubuntu3.15
pulseaudio-module-x11 1:8.0-0ubuntu3.15
pulseaudio-module-zeroconf 1:8.0-0ubuntu3.15
pulseaudio-utils 1:8.0-0ubuntu3.15

After a standard system update you need to restart your session to make
all the necessary changes.

References:
https://usn.ubuntu.com/4640-1
CVE-2020-16123

Package Information:
https://launchpad.net/ubuntu/+source/pulseaudio/1:13.99.2-1ubuntu2.1
https://launchpad.net/ubuntu/+source/pulseaudio/1:13.99.1-1ubuntu3.8
https://launchpad.net/ubuntu/+source/pulseaudio/1:11.1-1ubuntu7.11
https://launchpad.net/ubuntu/+source/pulseaudio/1:8.0-0ubuntu3.15

<html>
<head>

<meta http-equiv=”content-type” content=”text/html; charset=UTF-8″>
</head>
<body>
<p>
</p>
<div class=”moz-text-plain” wrap=”true” style=”font-family:
-moz-fixed; font-size: 12px;” lang=”x-unicode”>
<pre class=”moz-quote-pre” wrap=””>==========================================================================
Ubuntu Security Notice USN-4640-1
November 23, 2020

pulseaudio vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.10
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

PulseAudio could be made to expose sensitive information.

Software Description:
– pulseaudio: PulseAudio sound server

Details:

James Henstridge discovered that an Ubuntu-specific patch caused
PulseAudio to incorrectly handle snap client connections. An attacker
could possibly use this to expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
libpulse-mainloop-glib0 1:13.99.2-1ubuntu2.1
libpulse0 1:13.99.2-1ubuntu2.1
libpulsedsp 1:13.99.2-1ubuntu2.1
pulseaudio 1:13.99.2-1ubuntu2.1
pulseaudio-equalizer 1:13.99.2-1ubuntu2.1
pulseaudio-module-bluetooth 1:13.99.2-1ubuntu2.1
pulseaudio-module-gsettings 1:13.99.2-1ubuntu2.1
pulseaudio-module-jack 1:13.99.2-1ubuntu2.1
pulseaudio-module-lirc 1:13.99.2-1ubuntu2.1
pulseaudio-module-raop 1:13.99.2-1ubuntu2.1
pulseaudio-module-zeroconf 1:13.99.2-1ubuntu2.1
pulseaudio-utils 1:13.99.2-1ubuntu2.1

Ubuntu 20.04 LTS:
libpulse-mainloop-glib0 1:13.99.1-1ubuntu3.8
libpulse0 1:13.99.1-1ubuntu3.8
libpulsedsp 1:13.99.1-1ubuntu3.8
pulseaudio 1:13.99.1-1ubuntu3.8
pulseaudio-equalizer 1:13.99.1-1ubuntu3.8
pulseaudio-module-bluetooth 1:13.99.1-1ubuntu3.8
pulseaudio-module-gsettings 1:13.99.1-1ubuntu3.8
pulseaudio-module-jack 1:13.99.1-1ubuntu3.8
pulseaudio-module-lirc 1:13.99.1-1ubuntu3.8
pulseaudio-module-raop 1:13.99.1-1ubuntu3.8
pulseaudio-module-zeroconf 1:13.99.1-1ubuntu3.8
pulseaudio-utils 1:13.99.1-1ubuntu3.8

Ubuntu 18.04 LTS:
libpulse-mainloop-glib0 1:11.1-1ubuntu7.11
libpulse0 1:11.1-1ubuntu7.11
libpulsedsp 1:11.1-1ubuntu7.11
pulseaudio 1:11.1-1ubuntu7.11
pulseaudio-equalizer 1:11.1-1ubuntu7.11
pulseaudio-esound-compat 1:11.1-1ubuntu7.11
pulseaudio-module-bluetooth 1:11.1-1ubuntu7.11
pulseaudio-module-gconf 1:11.1-1ubuntu7.11
pulseaudio-module-jack 1:11.1-1ubuntu7.11
pulseaudio-module-lirc 1:11.1-1ubuntu7.11
pulseaudio-module-raop 1:11.1-1ubuntu7.11
pulseaudio-module-zeroconf 1:11.1-1ubuntu7.11
pulseaudio-utils 1:11.1-1ubuntu7.11

Ubuntu 16.04 LTS:
libpulse-mainloop-glib0 1:8.0-0ubuntu3.15
libpulse0 1:8.0-0ubuntu3.15
libpulsedsp 1:8.0-0ubuntu3.15
pulseaudio 1:8.0-0ubuntu3.15
pulseaudio-esound-compat 1:8.0-0ubuntu3.15
pulseaudio-module-bluetooth 1:8.0-0ubuntu3.15
pulseaudio-module-droid 1:8.0-0ubuntu3.15
pulseaudio-module-gconf 1:8.0-0ubuntu3.15
pulseaudio-module-jack 1:8.0-0ubuntu3.15
pulseaudio-module-lirc 1:8.0-0ubuntu3.15
pulseaudio-module-raop 1:8.0-0ubuntu3.15
pulseaudio-module-trust-store 1:8.0-0ubuntu3.15
pulseaudio-module-x11 1:8.0-0ubuntu3.15
pulseaudio-module-zeroconf 1:8.0-0ubuntu3.15
pulseaudio-utils 1:8.0-0ubuntu3.15

After a standard system update you need to restart your session to make
all the necessary changes.

References:
<a class=”moz-txt-link-freetext” href=”https://usn.ubuntu.com/4640-1″>https://usn.ubuntu.com/4640-1</a>
CVE-2020-16123

Package Information:
<a class=”moz-txt-link-freetext” href=”https://launchpad.net/ubuntu/+source/pulseaudio/1:13.99.2-1ubuntu2.1″>https://launchpad.net/ubuntu/+source/pulseaudio/1:13.99.2-1ubuntu2.1</a>
<a class=”moz-txt-link-freetext” href=”https://launchpad.net/ubuntu/+source/pulseaudio/1:13.99.1-1ubuntu3.8″>https://launchpad.net/ubuntu/+source/pulseaudio/1:13.99.1-1ubuntu3.8</a>
<a class=”moz-txt-link-freetext” href=”https://launchpad.net/ubuntu/+source/pulseaudio/1:11.1-1ubuntu7.11″>https://launchpad.net/ubuntu/+source/pulseaudio/1:11.1-1ubuntu7.11</a>
<a class=”moz-txt-link-freetext” href=”https://launchpad.net/ubuntu/+source/pulseaudio/1:8.0-0ubuntu3.15″>https://launchpad.net/ubuntu/+source/pulseaudio/1:8.0-0ubuntu3.15</a>
</pre>
</div>
</body>
</html>
—–BEGIN PGP SIGNATURE—–

iQEzBAEBCAAdFiEElnO/d49FoUPK9fwytGdj0GOh2+wFAl+751kACgkQtGdj0GOh
2+w1mQgAw0VKq1uyPe/o71+10/wCCfcm5/mAOT5C6KSSdCHsKLO6lTma1B0R5QaB
y7udDe/g/a0Iu34ms5ZQmWjEYtDHvTwXI8snfxpya7l4Vyyo834SD9BdpeOSAx4T
ckb9KItvDILBmha9pYJDwXCBjRqphA1Ebz13ef6+o/8krqjFa8unbANr9NkvAalK
xAtfsbSg7Iqlz1BlmZ4T/jG/l630FuOGSR7t8sL4MqdGBoWzMtizPVuUnfIWL2IP
dStZvAp8H8pi7SozZTp9Gi6QraQzF8HaD+OOGXDqVintLRpaX4MbdeaPQl8DY98h
ViHPlSBlFiTmqx+JoLnC8nkCojz46g==
=KiDi
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa rmt server

Otkriveni su sigurnosni nedostaci u programskom paketu rmt server za operacijski sustav openSUSE. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS...

Close