Debian DSA-2017-1: Critical Alert On PulseAudio Insecure Directory Risk

Dan Rosenberg discovered that the PulseAudio sound server creates a
temporary directory with a predictable name. This allows a local attacker
to create a Denial of Service condition or possibly disclose sensitive
information to unprivileged users.


For the stable distribution (lenny), this problem has been fixed in
version 0.9.10-3+lenny2.

For the testing (squeeze) and unstable (sid) distribution this problem
will be fixed soon.

We recommend that you upgrade your pulseaudio package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, ...