[USN-4640-1] PulseAudio vulnerability
Avital Ostromich
avital.ostromich at canonical.com
Mon Nov 23 16:46:16 UTC 2020
==========================================================================
Ubuntu Security Notice USN-4640-1
November 23, 2020
pulseaudio vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
PulseAudio could be made to expose sensitive information.
Software Description:
- pulseaudio: PulseAudio sound server
Details:
James Henstridge discovered that an Ubuntu-specific patch caused
PulseAudio to incorrectly handle snap client connections. An attacker
could possibly use this to expose sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
libpulse-mainloop-glib0 1:13.99.2-1ubuntu2.1
libpulse0 1:13.99.2-1ubuntu2.1
libpulsedsp 1:13.99.2-1ubuntu2.1
pulseaudio 1:13.99.2-1ubuntu2.1
pulseaudio-equalizer 1:13.99.2-1ubuntu2.1
pulseaudio-module-bluetooth 1:13.99.2-1ubuntu2.1
pulseaudio-module-gsettings 1:13.99.2-1ubuntu2.1
pulseaudio-module-jack 1:13.99.2-1ubuntu2.1
pulseaudio-module-lirc 1:13.99.2-1ubuntu2.1
pulseaudio-module-raop 1:13.99.2-1ubuntu2.1
pulseaudio-module-zeroconf 1:13.99.2-1ubuntu2.1
pulseaudio-utils 1:13.99.2-1ubuntu2.1
Ubuntu 20.04 LTS:
libpulse-mainloop-glib0 1:13.99.1-1ubuntu3.8
libpulse0 1:13.99.1-1ubuntu3.8
libpulsedsp 1:13.99.1-1ubuntu3.8
pulseaudio 1:13.99.1-1ubuntu3.8
pulseaudio-equalizer 1:13.99.1-1ubuntu3.8
pulseaudio-module-bluetooth 1:13.99.1-1ubuntu3.8
pulseaudio-module-gsettings 1:13.99.1-1ubuntu3.8
pulseaudio-module-jack 1:13.99.1-1ubuntu3.8
pulseaudio-module-lirc 1:13.99.1-1ubuntu3.8
pulseaudio-module-raop 1:13.99.1-1ubuntu3.8
pulseaudio-module-zeroconf 1:13.99.1-1ubuntu3.8
pulseaudio-utils 1:13.99.1-1ubuntu3.8
Ubuntu 18.04 LTS:
libpulse-mainloop-glib0 1:11.1-1ubuntu7.11
libpulse0 1:11.1-1ubuntu7.11
libpulsedsp 1:11.1-1ubuntu7.11
pulseaudio 1:11.1-1ubuntu7.11
pulseaudio-equalizer 1:11.1-1ubuntu7.11
pulseaudio-esound-compat 1:11.1-1ubuntu7.11
pulseaudio-module-bluetooth 1:11.1-1ubuntu7.11
pulseaudio-module-gconf 1:11.1-1ubuntu7.11
pulseaudio-module-jack 1:11.1-1ubuntu7.11
pulseaudio-module-lirc 1:11.1-1ubuntu7.11
pulseaudio-module-raop 1:11.1-1ubuntu7.11
pulseaudio-module-zeroconf 1:11.1-1ubuntu7.11
pulseaudio-utils 1:11.1-1ubuntu7.11
Ubuntu 16.04 LTS:
libpulse-mainloop-glib0 1:8.0-0ubuntu3.15
libpulse0 1:8.0-0ubuntu3.15
libpulsedsp 1:8.0-0ubuntu3.15
pulseaudio 1:8.0-0ubuntu3.15
pulseaudio-esound-compat 1:8.0-0ubuntu3.15
pulseaudio-module-bluetooth 1:8.0-0ubuntu3.15
pulseaudio-module-droid 1:8.0-0ubuntu3.15
pulseaudio-module-gconf 1:8.0-0ubuntu3.15
pulseaudio-module-jack 1:8.0-0ubuntu3.15
pulseaudio-module-lirc 1:8.0-0ubuntu3.15
pulseaudio-module-raop 1:8.0-0ubuntu3.15
pulseaudio-module-trust-store 1:8.0-0ubuntu3.15
pulseaudio-module-x11 1:8.0-0ubuntu3.15
pulseaudio-module-zeroconf 1:8.0-0ubuntu3.15
pulseaudio-utils 1:8.0-0ubuntu3.15
After a standard system update you need to restart your session to make
all the necessary changes.
References:
https://usn.ubuntu.com/4640-1
CVE-2020-16123
Package Information:
https://launchpad.net/ubuntu/+source/pulseaudio/1:13.99.2-1ubuntu2.1
https://launchpad.net/ubuntu/+source/pulseaudio/1:13.99.1-1ubuntu3.8
https://launchpad.net/ubuntu/+source/pulseaudio/1:11.1-1ubuntu7.11
https://launchpad.net/ubuntu/+source/pulseaudio/1:8.0-0ubuntu3.15
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20201123/a9a6d691/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20201123/a9a6d691/attachment.sig>
More information about the ubuntu-security-announce
mailing list