[ MDVSA-2009:152 ] pulseaudio
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: [ MDVSA-2009:152 ] pulseaudio
- From: security@xxxxxxxxxxxx
- Date: Fri, 17 Jul 2009 17:31:01 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:152
http://www.mandriva.com/security/
_______________________________________________________________________
Package : pulseaudio
Date : July 17, 2009
Affected: 2008.1, 2009.0, 2009.1
_______________________________________________________________________
Problem Description:

A vulnerability has been found and corrected in pulseaudio:

Tavis Ormandy and Julien Tinnes of the Google Security Team discovered
that pulseaudio, when installed setuid root, does not drop privileges
before re-executing itself to achieve immediate bindings. This can
be exploited by a user who has write access to any directory on the
file system containing /usr/bin to gain local root access. The user
needs to exploit a race condition related to creating a hard link
(CVE-2009-1894).

This update provides fixes for this vulnerability.
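
The ordering the description calls for (drop privileges first, re-execute second), as an added C example; it is not the PulseAudio or Mandriva patch. The function names and the fixed `REEXEC_PATH` are assumptions made for illustration.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed install path (illustrative). A fixed absolute path is used for
 * the re-exec rather than a path derived from how the process was started. */
#define REEXEC_PATH "/usr/bin/pulseaudio"

/* Permanently give up set-user-ID privileges by switching to the real
 * IDs of the invoking user. Returns 0 on success, -1 on failure. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    /* Group first: after the UID is dropped the process may no longer
     * be permitted to change its GID. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;

    /* Verify the result instead of trusting the return codes alone. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;

    /* For a non-root caller, regaining root must now be impossible;
     * success here would mean a saved set-user-ID of 0 survived. */
    if (ruid != 0 && setuid(0) == 0)
        return -1;

    return 0;
}

/* Re-execute only once privileges are gone. Does not return on success. */
int reexec_unprivileged(char *const argv[])
{
    if (drop_privileges() != 0) {
        fprintf(stderr, "refusing to re-exec with elevated privileges\n");
        return -1;
    }
    execv(REEXEC_PATH, argv);
    return -1; /* execv only returns on error */
}
```

In a setuid-root binary the effective UID is 0 at the time of the call, so `setuid()` resets the real, effective and saved IDs together; the final check catches the case where that did not happen.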
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1894
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.1:
a062a8e55091692e577dc180febdc577
2008.1/i586/libpulseaudio0-0.9.9-7.3mdv2008.1.i586.rpm
f341aba4d3062c064f44b2660f259a12
2008.1/i586/libpulseaudio-devel-0.9.9-7.3mdv2008.1.i586.rpm
1f1adc7a548cc7770275c863082d47b7
2008.1/i586/libpulsecore5-0.9.9-7.3mdv2008.1.i586.rpm
354f78b31d6484363d9cf0e67d458407
2008.1/i586/libpulseglib20-0.9.9-7.3mdv2008.1.i586.rpm
3cc7b2df8634ae76bb565b6a276ab797
2008.1/i586/libpulsezeroconf0-0.9.9-7.3mdv2008.1.i586.rpm
12b5529062d92b931d5e1cb124aece9e
2008.1/i586/pulseaudio-0.9.9-7.3mdv2008.1.i586.rpm
8aad4dcba5650a5591383ac7e4e15af5
2008.1/i586/pulseaudio-esound-compat-0.9.9-7.3mdv2008.1.i586.rpm
347276b1fb509667489145ad4da4e02b
2008.1/i586/pulseaudio-module-bluetooth-0.9.9-7.3mdv2008.1.i586.rpm
187b0209b14a769148944b9f4ca178e2
2008.1/i586/pulseaudio-module-gconf-0.9.9-7.3mdv2008.1.i586.rpm
ad6e55a938e9f986e928e1d09993caa6
2008.1/i586/pulseaudio-module-jack-0.9.9-7.3mdv2008.1.i586.rpm
785b402d90d9a93c3925fccee6a126f4
2008.1/i586/pulseaudio-module-lirc-0.9.9-7.3mdv2008.1.i586.rpm
51263a625babe3ae286cbcbb6f2c9dfb
2008.1/i586/pulseaudio-module-x11-0.9.9-7.3mdv2008.1.i586.rpm
976a8d07cb3fe01cffbfd6a2dff876b0
2008.1/i586/pulseaudio-module-zeroconf-0.9.9-7.3mdv2008.1.i586.rpm
a005e022f9a1f6196c4f9b8c8c8caf62
2008.1/i586/pulseaudio-utils-0.9.9-7.3mdv2008.1.i586.rpm
442edda195d371bc35b5c0f127811b2f
2008.1/SRPMS/pulseaudio-0.9.9-7.3mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
8728a2284e266874cc879bd0b6d7edaf
2008.1/x86_64/lib64pulseaudio0-0.9.9-7.3mdv2008.1.x86_64.rpm
1533b2777a8d2e56963f5b48d1683d48
2008.1/x86_64/lib64pulseaudio-devel-0.9.9-7.3mdv2008.1.x86_64.rpm
5e66f925ac1454ad6ac7a08e68737b94
2008.1/x86_64/lib64pulsecore5-0.9.9-7.3mdv2008.1.x86_64.rpm
b0ce01eaf200843f15ee35fdcdc5dc43
2008.1/x86_64/lib64pulseglib20-0.9.9-7.3mdv2008.1.x86_64.rpm
78bc7dbf0946169938c6d16c8365a7e6
2008.1/x86_64/lib64pulsezeroconf0-0.9.9-7.3mdv2008.1.x86_64.rpm
00274092fc0860c5f14947c85f301c43
2008.1/x86_64/pulseaudio-0.9.9-7.3mdv2008.1.x86_64.rpm
6e85932ff0a922826098c3e7d2bf7ca6
2008.1/x86_64/pulseaudio-esound-compat-0.9.9-7.3mdv2008.1.x86_64.rpm
3e9d1ff042999eaa80996346d0994bd3
2008.1/x86_64/pulseaudio-module-bluetooth-0.9.9-7.3mdv2008.1.x86_64.rpm
d5636d90102c47c5d5523dc139ccb076
2008.1/x86_64/pulseaudio-module-gconf-0.9.9-7.3mdv2008.1.x86_64.rpm
c90c261515c775728653cfcca191850f
2008.1/x86_64/pulseaudio-module-jack-0.9.9-7.3mdv2008.1.x86_64.rpm
9cdb901529b26c1d27374cd44a34e802
2008.1/x86_64/pulseaudio-module-lirc-0.9.9-7.3mdv2008.1.x86_64.rpm
444225d1a612afafb0766fe6e6e65e33
2008.1/x86_64/pulseaudio-module-x11-0.9.9-7.3mdv2008.1.x86_64.rpm
582f12ee41fa42e61e40ef89ba398509
2008.1/x86_64/pulseaudio-module-zeroconf-0.9.9-7.3mdv2008.1.x86_64.rpm
de769508329229fa4ede392710c94fc4
2008.1/x86_64/pulseaudio-utils-0.9.9-7.3mdv2008.1.x86_64.rpm
442edda195d371bc35b5c0f127811b2f
2008.1/SRPMS/pulseaudio-0.9.9-7.3mdv2008.1.src.rpm
Mandriva Linux 2009.0:
2bd956446a959942bde9244e8acfde76
2009.0/i586/libpulseaudio0-0.9.10-11.2mdv2009.0.i586.rpm
3fe94b495ff275f122ccc860dfa8e773
2009.0/i586/libpulseaudio-devel-0.9.10-11.2mdv2009.0.i586.rpm
9e076dc1b4c4c29aebef04381b36b75c
2009.0/i586/libpulsecore5-0.9.10-11.2mdv2009.0.i586.rpm
f6142fa6cd387016360f14e90f3b8e51
2009.0/i586/libpulseglib20-0.9.10-11.2mdv2009.0.i586.rpm
42cd75d1ef577468cd72e31b2396aa20
2009.0/i586/libpulsezeroconf0-0.9.10-11.2mdv2009.0.i586.rpm
df5ca44d1bfd83dae7c6f844f084d284
2009.0/i586/pulseaudio-0.9.10-11.2mdv2009.0.i586.rpm
782b151e7bd4d557030272aaf0d9b692
2009.0/i586/pulseaudio-esound-compat-0.9.10-11.2mdv2009.0.i586.rpm
2171e5cf67657ae96b01b3ac288087bf
2009.0/i586/pulseaudio-module-bluetooth-0.9.10-11.2mdv2009.0.i586.rpm
0292753f956a71e71534f1e1c20cc955
2009.0/i586/pulseaudio-module-gconf-0.9.10-11.2mdv2009.0.i586.rpm
d8de6623fbdf73b83cf3c7b0063ae76f
2009.0/i586/pulseaudio-module-jack-0.9.10-11.2mdv2009.0.i586.rpm
155328b8eee49b4ad60d63c30f36d8f9
2009.0/i586/pulseaudio-module-lirc-0.9.10-11.2mdv2009.0.i586.rpm
7384cbc44eea2b072dbddcb975de5bc8
2009.0/i586/pulseaudio-module-x11-0.9.10-11.2mdv2009.0.i586.rpm
f934999602cb29a03a545b256c26f1b8
2009.0/i586/pulseaudio-module-zeroconf-0.9.10-11.2mdv2009.0.i586.rpm
4c4a8d722f831b00bb8bcf54c44244d9
2009.0/i586/pulseaudio-utils-0.9.10-11.2mdv2009.0.i586.rpm
87e5b2d12daee5876785c5a0ab31b4c5
2009.0/SRPMS/pulseaudio-0.9.10-11.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
73fcb6879f5e8c289d5b10ae4219b141
2009.0/x86_64/lib64pulseaudio0-0.9.10-11.2mdv2009.0.x86_64.rpm
1c61d1f64cd1c212298817a18acc5ca4
2009.0/x86_64/lib64pulseaudio-devel-0.9.10-11.2mdv2009.0.x86_64.rpm
49d711f9b351ea08bd5eda2ee04f55ce
2009.0/x86_64/lib64pulsecore5-0.9.10-11.2mdv2009.0.x86_64.rpm
a8fdfb9ffdef78288c6cda40b61e6f18
2009.0/x86_64/lib64pulseglib20-0.9.10-11.2mdv2009.0.x86_64.rpm
f18f537ad924239d27daf8f4874d7442
2009.0/x86_64/lib64pulsezeroconf0-0.9.10-11.2mdv2009.0.x86_64.rpm
d8475e84e680b1a2ee5b9aabcbc0a914
2009.0/x86_64/pulseaudio-0.9.10-11.2mdv2009.0.x86_64.rpm
7b9b9361f2bcaf7f2164e0d52826df9c
2009.0/x86_64/pulseaudio-esound-compat-0.9.10-11.2mdv2009.0.x86_64.rpm
dcf79cb270166b6968162241b5b0c64e
2009.0/x86_64/pulseaudio-module-bluetooth-0.9.10-11.2mdv2009.0.x86_64.rpm
e321d4e6b726d556b7bab4f0eb68c453
2009.0/x86_64/pulseaudio-module-gconf-0.9.10-11.2mdv2009.0.x86_64.rpm
8cd25eaf38c2dc27de66f6f9b7f6eff5
2009.0/x86_64/pulseaudio-module-jack-0.9.10-11.2mdv2009.0.x86_64.rpm
3179eed7fc73f936ebfcd2291164ec51
2009.0/x86_64/pulseaudio-module-lirc-0.9.10-11.2mdv2009.0.x86_64.rpm
12e1246a76c219a094c856cd67b01726
2009.0/x86_64/pulseaudio-module-x11-0.9.10-11.2mdv2009.0.x86_64.rpm
12f30ef44575f593133d72c86c01bfee
2009.0/x86_64/pulseaudio-module-zeroconf-0.9.10-11.2mdv2009.0.x86_64.rpm
f71cc26c7ea4b6c6f050143167e2c0ed
2009.0/x86_64/pulseaudio-utils-0.9.10-11.2mdv2009.0.x86_64.rpm
87e5b2d12daee5876785c5a0ab31b4c5
2009.0/SRPMS/pulseaudio-0.9.10-11.2mdv2009.0.src.rpm
Mandriva Linux 2009.1:
b34a028de279eeff79b8c6fdfe0fd2b1
2009.1/i586/libpulseaudio0-0.9.15-2.0.6mdv2009.1.i586.rpm
70c44b7103a88e29b917d139b3dbfcb4
2009.1/i586/libpulseaudio-devel-0.9.15-2.0.6mdv2009.1.i586.rpm
92ed545bdefb77fcefd5d1b205608c8d
2009.1/i586/libpulseglib20-0.9.15-2.0.6mdv2009.1.i586.rpm
88c6b62951397fd1f844810e2f29f9d2
2009.1/i586/libpulsezeroconf0-0.9.15-2.0.6mdv2009.1.i586.rpm
61ef1d493c85320b9465b8d47cbde537
2009.1/i586/pulseaudio-0.9.15-2.0.6mdv2009.1.i586.rpm
90e019b2452a026e002b83beb4144446
2009.1/i586/pulseaudio-esound-compat-0.9.15-2.0.6mdv2009.1.i586.rpm
21aa6bee1f8a7904a8b1644765d8f773
2009.1/i586/pulseaudio-module-bluetooth-0.9.15-2.0.6mdv2009.1.i586.rpm
3124e03a2347231eb6a2aff9a5833e71
2009.1/i586/pulseaudio-module-gconf-0.9.15-2.0.6mdv2009.1.i586.rpm
54cc2ef02ca448f5540cb4775f807497
2009.1/i586/pulseaudio-module-jack-0.9.15-2.0.6mdv2009.1.i586.rpm
48de396bedac8da600ded2f09a713e27
2009.1/i586/pulseaudio-module-lirc-0.9.15-2.0.6mdv2009.1.i586.rpm
2f7a58cf7258ce6ab2bd335e2ce9e24a
2009.1/i586/pulseaudio-module-x11-0.9.15-2.0.6mdv2009.1.i586.rpm
bc3fd52f6ce8ba97466da1faded37c1e
2009.1/i586/pulseaudio-module-zeroconf-0.9.15-2.0.6mdv2009.1.i586.rpm
251cc934964ab60a989690b01939d25d
2009.1/i586/pulseaudio-utils-0.9.15-2.0.6mdv2009.1.i586.rpm
02142a9dd6148a6b79993b5387180e14
2009.1/SRPMS/pulseaudio-0.9.15-2.0.6mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
c8af7246c1b3a6ffb54c759cfc475c88
2009.1/x86_64/lib64pulseaudio0-0.9.15-2.0.6mdv2009.1.x86_64.rpm
715578b74205dcc1666f2b4c6607cfcf
2009.1/x86_64/lib64pulseaudio-devel-0.9.15-2.0.6mdv2009.1.x86_64.rpm
d4d2ee6c8c7eaaae7242c14088269781
2009.1/x86_64/lib64pulseglib20-0.9.15-2.0.6mdv2009.1.x86_64.rpm
4b53569e3636e9369ebb1db66617e83f
2009.1/x86_64/lib64pulsezeroconf0-0.9.15-2.0.6mdv2009.1.x86_64.rpm
c974082748919e19f703578661e2f037
2009.1/x86_64/pulseaudio-0.9.15-2.0.6mdv2009.1.x86_64.rpm
1e79b47e907b2dba5a5d2f938b1c6420
2009.1/x86_64/pulseaudio-esound-compat-0.9.15-2.0.6mdv2009.1.x86_64.rpm
00b8e0bc3dea7054e108c45073dd5192
2009.1/x86_64/pulseaudio-module-bluetooth-0.9.15-2.0.6mdv2009.1.x86_64.rpm
55179425940554fa93d9df17ad3e0130
2009.1/x86_64/pulseaudio-module-gconf-0.9.15-2.0.6mdv2009.1.x86_64.rpm
0f43e642f93caa04107552a64b4c86ba
2009.1/x86_64/pulseaudio-module-jack-0.9.15-2.0.6mdv2009.1.x86_64.rpm
c12814a8e83842ddb9c8075e4b06adef
2009.1/x86_64/pulseaudio-module-lirc-0.9.15-2.0.6mdv2009.1.x86_64.rpm
10f9ea21717946abad25edfca2198ac0
2009.1/x86_64/pulseaudio-module-x11-0.9.15-2.0.6mdv2009.1.x86_64.rpm
d0c3cc9dac5ea0f3fe4dbff344148207
2009.1/x86_64/pulseaudio-module-zeroconf-0.9.15-2.0.6mdv2009.1.x86_64.rpm
8779d5adf45fd7cfe58bf8bae436914b
2009.1/x86_64/pulseaudio-utils-0.9.15-2.0.6mdv2009.1.x86_64.rpm
02142a9dd6148a6b79993b5387180e14
2009.1/SRPMS/pulseaudio-0.9.15-2.0.6mdv2009.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKYG2fmqjQ0CJFipgRAlZXAKCMxZivrn7Ez4PQJZl4rtnfGiR+uQCcCbh6
fBiuyxqIfFmlT/+59ZXwodQ=
=kCm6
-----END PGP SIGNATURE-----