Alerts This Week
Warning Icon 1 1,394
Alerts This Week
Warning Icon 1 1,394

Ubuntu 20.04: USN-4355-1 Critical: PulseAudio Snap Package Access Issue

ubuntu
Calendar Grey May 12, 2020
Dist Ubuntu Esm H88
A security flaw in PulseAudio on Ubuntu enables unauthorized entry to snap packages across various versions. Update needed.
PulseAudio could allow unintended access to snap packages.

Summary

PulseAudio could allow unintended access to snap packages.

Software Description:

- pulseaudio: PulseAudio sound server

Details:

PulseAudio in Ubuntu contains additional functionality to mediate audio

recording for snap packages and it was discovered that this functionality

did not mediate PulseAudio module unloading. An attacker-controlled snap

with only the audio-playback interface connected could exploit this to

bypass access controls and record audio.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  pulseaudio                      1:13.99.1-1ubuntu3.2

Ubuntu 19.10:
  pulseaudio                      1:13.0-1ubuntu1.2

Ubuntu 18.04 LTS:
  pulseaudio                      1:11.1-1ubuntu7.7

Ubuntu 16.04 LTS:
  pulseaudio                      1:8.0-0ubuntu3.12

After a standard system update you need to restart your session to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4355-1

CVE-2020-11931, https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1877102

Severity
critical
Lowest
Low
Medium
High
Critical

May 12, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here