=========================================================================Ubuntu Security Notice USN-4640-1
November 23, 2020

pulseaudio vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

PulseAudio could be made to expose sensitive information.

Software Description:
- pulseaudio: PulseAudio sound server

Details:

James Henstridge discovered that an Ubuntu-specific patch caused
PulseAudio to incorrectly handle snap client connections. An attacker
could possibly use this to expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
  libpulse-mainloop-glib0         1:13.99.2-1ubuntu2.1
  libpulse0                       1:13.99.2-1ubuntu2.1
  libpulsedsp                     1:13.99.2-1ubuntu2.1
  pulseaudio                      1:13.99.2-1ubuntu2.1
  pulseaudio-equalizer            1:13.99.2-1ubuntu2.1
  pulseaudio-module-bluetooth     1:13.99.2-1ubuntu2.1
  pulseaudio-module-gsettings     1:13.99.2-1ubuntu2.1
  pulseaudio-module-jack          1:13.99.2-1ubuntu2.1
  pulseaudio-module-lirc          1:13.99.2-1ubuntu2.1
  pulseaudio-module-raop          1:13.99.2-1ubuntu2.1
  pulseaudio-module-zeroconf      1:13.99.2-1ubuntu2.1
  pulseaudio-utils                1:13.99.2-1ubuntu2.1

Ubuntu 20.04 LTS:
  libpulse-mainloop-glib0         1:13.99.1-1ubuntu3.8
  libpulse0                       1:13.99.1-1ubuntu3.8
  libpulsedsp                     1:13.99.1-1ubuntu3.8
  pulseaudio                      1:13.99.1-1ubuntu3.8
  pulseaudio-equalizer            1:13.99.1-1ubuntu3.8
  pulseaudio-module-bluetooth     1:13.99.1-1ubuntu3.8
  pulseaudio-module-gsettings     1:13.99.1-1ubuntu3.8
  pulseaudio-module-jack          1:13.99.1-1ubuntu3.8
  pulseaudio-module-lirc          1:13.99.1-1ubuntu3.8
  pulseaudio-module-raop          1:13.99.1-1ubuntu3.8
  pulseaudio-module-zeroconf      1:13.99.1-1ubuntu3.8
  pulseaudio-utils                1:13.99.1-1ubuntu3.8

Ubuntu 18.04 LTS:
  libpulse-mainloop-glib0         1:11.1-1ubuntu7.11
  libpulse0                       1:11.1-1ubuntu7.11
  libpulsedsp                     1:11.1-1ubuntu7.11
  pulseaudio                      1:11.1-1ubuntu7.11
  pulseaudio-equalizer            1:11.1-1ubuntu7.11
  pulseaudio-esound-compat        1:11.1-1ubuntu7.11
  pulseaudio-module-bluetooth     1:11.1-1ubuntu7.11
  pulseaudio-module-gconf         1:11.1-1ubuntu7.11
  pulseaudio-module-jack          1:11.1-1ubuntu7.11
  pulseaudio-module-lirc          1:11.1-1ubuntu7.11
  pulseaudio-module-raop          1:11.1-1ubuntu7.11
  pulseaudio-module-zeroconf      1:11.1-1ubuntu7.11
  pulseaudio-utils                1:11.1-1ubuntu7.11

Ubuntu 16.04 LTS:
  libpulse-mainloop-glib0         1:8.0-0ubuntu3.15
  libpulse0                       1:8.0-0ubuntu3.15
  libpulsedsp                     1:8.0-0ubuntu3.15
  pulseaudio                      1:8.0-0ubuntu3.15
  pulseaudio-esound-compat        1:8.0-0ubuntu3.15
  pulseaudio-module-bluetooth     1:8.0-0ubuntu3.15
  pulseaudio-module-droid         1:8.0-0ubuntu3.15
  pulseaudio-module-gconf         1:8.0-0ubuntu3.15
  pulseaudio-module-jack          1:8.0-0ubuntu3.15
  pulseaudio-module-lirc          1:8.0-0ubuntu3.15
  pulseaudio-module-raop          1:8.0-0ubuntu3.15
  pulseaudio-module-trust-store   1:8.0-0ubuntu3.15
  pulseaudio-module-x11           1:8.0-0ubuntu3.15
  pulseaudio-module-zeroconf      1:8.0-0ubuntu3.15
  pulseaudio-utils                1:8.0-0ubuntu3.15

After a standard system update you need to restart your session to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4640-1
  CVE-2020-16123

Package Information:
  https://launchpad.net/ubuntu/+source/pulseaudio/1:13.99.2-1ubuntu2.1
  https://launchpad.net/ubuntu/+source/pulseaudio/1:13.99.1-1ubuntu3.8
  https://launchpad.net/ubuntu/+source/pulseaudio/1:11.1-1ubuntu7.11
  https://launchpad.net/ubuntu/+source/pulseaudio/1:8.0-0ubuntu3.15

Ubuntu 4640-1: PulseAudio vulnerability

November 23, 2020
PulseAudio could be made to expose sensitive information.

Summary

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10: libpulse-mainloop-glib0 1:13.99.2-1ubuntu2.1 libpulse0 1:13.99.2-1ubuntu2.1 libpulsedsp 1:13.99.2-1ubuntu2.1 pulseaudio 1:13.99.2-1ubuntu2.1 pulseaudio-equalizer 1:13.99.2-1ubuntu2.1 pulseaudio-module-bluetooth 1:13.99.2-1ubuntu2.1 pulseaudio-module-gsettings 1:13.99.2-1ubuntu2.1 pulseaudio-module-jack 1:13.99.2-1ubuntu2.1 pulseaudio-module-lirc 1:13.99.2-1ubuntu2.1 pulseaudio-module-raop 1:13.99.2-1ubuntu2.1 pulseaudio-module-zeroconf 1:13.99.2-1ubuntu2.1 pulseaudio-utils 1:13.99.2-1ubuntu2.1 Ubuntu 20.04 LTS: libpulse-mainloop-glib0 1:13.99.1-1ubuntu3.8 libpulse0 1:13.99.1-1ubuntu3.8 libpulsedsp 1:13.99.1-1ubuntu3.8 pulseaudio 1:13.99.1-1ubuntu3.8 pulseaudio-equalizer 1:13.99.1-1ubuntu3.8 pulseaudio-module-bluetooth 1:13.99.1-1ubuntu3.8 pulseaudio-module-gsettings 1:13.99.1-1ubuntu3.8 pulseaudio-module-jack 1:13.99.1-1ubuntu3.8 pulseaudio-module-lirc 1:13.99.1-1ubuntu3.8 pulseaudio-module-raop 1:13.99.1-1ubuntu3.8 pulseaudio-module-zeroconf 1:13.99.1-1ubuntu3.8 pulseaudio-utils 1:13.99.1-1ubuntu3.8 Ubuntu 18.04 LTS: libpulse-mainloop-glib0 1:11.1-1ubuntu7.11 libpulse0 1:11.1-1ubuntu7.11 libpulsedsp 1:11.1-1ubuntu7.11 pulseaudio 1:11.1-1ubuntu7.11 pulseaudio-equalizer 1:11.1-1ubuntu7.11 pulseaudio-esound-compat 1:11.1-1ubuntu7.11 pulseaudio-module-bluetooth 1:11.1-1ubuntu7.11 pulseaudio-module-gconf 1:11.1-1ubuntu7.11 pulseaudio-module-jack 1:11.1-1ubuntu7.11 pulseaudio-module-lirc 1:11.1-1ubuntu7.11 pulseaudio-module-raop 1:11.1-1ubuntu7.11 pulseaudio-module-zeroconf 1:11.1-1ubuntu7.11 pulseaudio-utils 1:11.1-1ubuntu7.11 Ubuntu 16.04 LTS: libpulse-mainloop-glib0 1:8.0-0ubuntu3.15 libpulse0 1:8.0-0ubuntu3.15 libpulsedsp 1:8.0-0ubuntu3.15 pulseaudio 1:8.0-0ubuntu3.15 pulseaudio-esound-compat 1:8.0-0ubuntu3.15 pulseaudio-module-bluetooth 1:8.0-0ubuntu3.15 pulseaudio-module-droid 1:8.0-0ubuntu3.15 pulseaudio-module-gconf 1:8.0-0ubuntu3.15 pulseaudio-module-jack 1:8.0-0ubuntu3.15 pulseaudio-module-lirc 1:8.0-0ubuntu3.15 pulseaudio-module-raop 1:8.0-0ubuntu3.15 pulseaudio-module-trust-store 1:8.0-0ubuntu3.15 pulseaudio-module-x11 1:8.0-0ubuntu3.15 pulseaudio-module-zeroconf 1:8.0-0ubuntu3.15 pulseaudio-utils 1:8.0-0ubuntu3.15 After a standard system update you need to restart your session to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4640-1

CVE-2020-16123

Severity
November 23, 2020

Package Information

https://launchpad.net/ubuntu/+source/pulseaudio/1:13.99.2-1ubuntu2.1 https://launchpad.net/ubuntu/+source/pulseaudio/1:13.99.1-1ubuntu3.8 https://launchpad.net/ubuntu/+source/pulseaudio/1:11.1-1ubuntu7.11 https://launchpad.net/ubuntu/+source/pulseaudio/1:8.0-0ubuntu3.15

Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved