Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Advisory Watch: March 27th, 2015
Linux Security Week: March 23rd, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Ubuntu: PulseAudio vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu It was discovered that PulseAudio did not properly drop privileges when running as a daemon. Local users may be able to exploit this and gain privileges. The default Ubuntu configuration is not affected.
Ubuntu Security Notice USN-573-1           January 31, 2008
pulseaudio vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.04:
  pulseaudio                      0.9.5-5ubuntu4.2

Ubuntu 7.10:
  pulseaudio                      0.9.6-1ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that PulseAudio did not properly drop privileges
when running as a daemon. Local users may be able to exploit this
and gain privileges. The default Ubuntu configuration is not

Updated packages for Ubuntu 7.04:

  Source archives:
      Size/MD5:    17449 6b56fc19d1df82cfdced55206ef64679
      Size/MD5:     1265 a82ede30ebdafce09d266b6dd1cfe5b7
      Size/MD5:  1145930 99b5d9efd4fce35cabb4ae5d0ebb230d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:    11500 ce80e767d1e30f8de6fd2ee6a2ed548c
      Size/MD5:   181184 e3bda5b5754b975f7578462f7100de29
      Size/MD5:    11570 da9e293b1f61b6cf225ba70b07efdeb1
      Size/MD5:   111218 e8631760459aadaeed2d0f9c42890f80
      Size/MD5:    27466 d4f6159b05f56e0a6d51a9f3f2af711e
      Size/MD5:   331220 d15cdd578190859a61588cfd69107e27
      Size/MD5:    12856 9cba1bcd4c384a8ef902a82c005613cf
      Size/MD5:    14880 8b4edc9db568a25a347d8e0acce0276d
      Size/MD5:     9246 b20f4744d8b6b53286af6feac8bb3cbd
      Size/MD5:    16188 c8dd2744ec424684f20959940b263a83
      Size/MD5:    14592 5e20ed3a3ee9bc8d2e12db5066eb8bca
      Size/MD5:    52792 ce4718ea982640fc8a953231d3f564ec

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:    10830 24ae5b0dc91be5dfc3791ac9ba6acfdc
      Size/MD5:   159190 4dc619974dcb7cdeb87969859d7e27df
      Size/MD5:    10996 5c1bb793bc86ddfbbc8480d22e9428f6
      Size/MD5:   100172 fd40e44f9345de1492cb1efa4ff68c77
      Size/MD5:    25660 630da63c98812f52ba98f15f285f3226
      Size/MD5:   295640 df569af31b96c7d658921c05c2bbe880
      Size/MD5:    12230 da658350c189df71ca7337ba48f8a5a8
      Size/MD5:    13746 9928dc07ff1782d509eccfb7d10bd342
      Size/MD5:     8966 47a67f5466a39f7c371948fc0cca7621
      Size/MD5:    14940 7a6c04d7f357187b2a9ed024750bf4f7
      Size/MD5:    13520 756f6c81f2c18ec1cbb76b88be613701
      Size/MD5:    48348 261d9390c75e2aeac769b7a54ad1d517

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:    13486 7b3ce45db469675fd29a8fc89524130d
      Size/MD5:   188998 1c42731ddf4cd5a0166f75dde1b61736
      Size/MD5:    13798 39749c569b65714649f4de42ff086546
      Size/MD5:   113000 a909bec96322c854b8e6ec3a92aebf43
      Size/MD5:    34318 6834cc3507f8361a15af5c0d9119b997
      Size/MD5:   391740 b420d192820c8bb34af759124f13caa4
      Size/MD5:    16776 94bd7ff6b489bddd226f9711a10d13df
      Size/MD5:    17858 480c53e43f7eb12893891e717f388a56
      Size/MD5:    11382 af54cc0798896712cb0cdc51f8ca06f1
      Size/MD5:    21286 14750676b774ba677cda10475b110adc
      Size/MD5:    17350 e1e9ab00ecdfd62dd145e15d491d271f
      Size/MD5:    64510 e17eef4afe7a008eede77932b0911bb7

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:    10832 fb46f365ce41fa3c08deabe4efc4c1bc
      Size/MD5:   172218 a554731ef0b0c5b0940b48c2d0101b65
      Size/MD5:    10926 25219a37e60f6e2370e2492ad32cd81d
      Size/MD5:   100914 28e9e9fcb364ef520bbe9b50da7a33b3
      Size/MD5:    25608 2c85d7cc39d6d2990677fede70c26fd7
      Size/MD5:   302166 3da7a6db2daadeb83c92a8ad58858d26
      Size/MD5:    12294 80aac679c8b20732444d4651342db4c2
      Size/MD5:    13468 426ec2c39e66d8f413dee6e44eaf2f3e
      Size/MD5:     9046 ccd554ce837bcd7027fec89712beb70e
      Size/MD5:    14838 2644eb4d789d810064e0e201029f2dd9
      Size/MD5:    13418 5d4a1930173baf24edf60aef4e26aad2
      Size/MD5:    50152 6c117193eb1da82660fc59dd0bc2bf8c

Updated packages for Ubuntu 7.10:

  Source archives:
      Size/MD5:    12003 f56974ff4eb38fc4bb4c321a3e9e309a
      Size/MD5:     1290 4fbfe8762fb2430d176068859bf0ed71
      Size/MD5:  1157647 669d52a70fb9a7a83c2507005bfa2a6f

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:    12274 55bcd7261c7479d469adfefb1cf4e445
      Size/MD5:   187860 27cbf00c54a9ec92f192df265dea7f80
      Size/MD5:    12342 e104ebac121bcd11e15cd3d5773a95e6
      Size/MD5:   116130 d5f65e0084a433c95cd512b8c63c0c61
      Size/MD5:    28070 7ccdd82bb502b52db1135372145e4908
      Size/MD5:   337164 e1457f0caef9f416ef984f8150a3e2c3
      Size/MD5:    13672 0ddf408e2ecd2b715a4843b17119724a
      Size/MD5:    15704 9cf5c1de5864da5b0c2cfd93167559b3
      Size/MD5:    10000 cc99b1a0fd9c5ab9155363d6f0d3b311
      Size/MD5:    16968 16fc7592a90564732ed39ac3cf769709
      Size/MD5:    15352 bd49f64871199357e09e1f97bfe61a33
      Size/MD5:    54420 55e53c56cde725a9c635e6f4ac8e5295

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:    11558 132cf612fe86c0743988701255007aa2
      Size/MD5:   164818 a3870f446cd691b0ac20303586c6beaa
      Size/MD5:    11730 df2b61301fbd86c2a81b7fee8a8fd83c
      Size/MD5:   104324 08d636c188bad3ea1ee685b7240d8e76
      Size/MD5:    26138 03f942e48ccefad14600fdc297f5d0bb
      Size/MD5:   300856 dd2a3901853cfe83e3fd42dfe9e3ad7c
      Size/MD5:    13048 b88aee9d9a789413c4782f51aec18698
      Size/MD5:    14522 c77c0fdfa5eec80b6889caf9fa281aa8
      Size/MD5:     9712 cd4d0229b2d47c33e1d30bf7ed274770
      Size/MD5:    15612 b908d5e9e0ba93796f46d6834429b48e
      Size/MD5:    14212 41624d8baf04c47895988eadc0d4d51c
      Size/MD5:    49526 a62a04e4cf75661a9c3a05feafcdd20e

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:    11628 f660843d761c4d7b646c62d289192c01
      Size/MD5:   178296 c5b5763e884cb9a21adb025e71cd3945
      Size/MD5:    11742 51bee53e72aeb84a0cd922f22e8235a5
      Size/MD5:   105936 0a2271818127d25f14845c8b14b047c6
      Size/MD5:    26116 b9ba5cc6520198d62326a3109f6a1ec9
      Size/MD5:   309176 113df051b5e9812b50d8cfbdfd3acc03
      Size/MD5:    13106 8bd5d1a8c7a924bbc82b21faa8378657
      Size/MD5:    14320 77e7f9585543d87ca13d8fcee26311bd
      Size/MD5:     9806 3c380df1825896d750671eed198c0d74
      Size/MD5:    15630 16fa7b13446b9cf4485098f4dcb2f7fc
      Size/MD5:    14192 4578e54a443cf1db1b9e0d2c0a6bb2fc
      Size/MD5:    51656 ab6065a553e3db1d4626692acac9f25d

Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

Version: GnuPG v1.4.6 (GNU/Linux)



--==============I10911365683639538=Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

ubuntu-security-announce mailing list
Modify settings or unsubscribe at:

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
FBI Quietly Removes Recommendation To Encrypt Your Phone
And the prize for LEAST SECURE BROWSER goes to ... Chrome!
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.