Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 530
Alerts This Week
Warning Icon 1 530

Ubuntu 20.10 USN-4640-1 Critical: PulseAudio Information Exposure

ubuntu
Calendar Grey November 23, 2020
Dist Ubuntu Esm H88
The Ubuntu Security Notice USN-4640-1 addresses a vulnerability in PulseAudio, which could potentially expose sensitive information in multiple distributions.
PulseAudio could be made to expose sensitive information.

Summary

PulseAudio could be made to expose sensitive information.

Software Description:

- pulseaudio: PulseAudio sound server

Details:

James Henstridge discovered that an Ubuntu-specific patch caused

PulseAudio to incorrectly handle snap client connections. An attacker

could possibly use this to expose sensitive information.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
  libpulse-mainloop-glib0         1:13.99.2-1ubuntu2.1
  libpulse0                       1:13.99.2-1ubuntu2.1
  libpulsedsp                     1:13.99.2-1ubuntu2.1
  pulseaudio                      1:13.99.2-1ubuntu2.1
  pulseaudio-equalizer            1:13.99.2-1ubuntu2.1
  pulseaudio-module-bluetooth     1:13.99.2-1ubuntu2.1
  pulseaudio-module-gsettings     1:13.99.2-1ubuntu2.1
  pulseaudio-module-jack          1:13.99.2-1ubuntu2.1
  pulseaudio-module-lirc          1:13.99.2-1ubuntu2.1
  pulseaudio-module-raop          1:13.99.2-1ubuntu2.1
  pulseaudio-module-zeroconf      1:13.99.2-1ubuntu2.1
  pulseaudio-utils                1:13.99.2-1ubuntu2.1

Ubuntu 20.04 LTS:
  libpulse-mainloop-glib0         1:13.99.1-1ubuntu3.8
  libpulse0                       1:13.99.1-1ubuntu3.8
  libpulsedsp                     1:13.99.1-1ubuntu3.8
  pulseaudio                      1:13.99.1-1ubuntu3.8
  pulseaudio-equalizer            1:13.99.1-1ubuntu3.8
  pulseaudio-module-bluetooth     1:13.99.1-1ubuntu3.8
  pulseaudio-module-gsettings     1:13.99.1-1ubuntu3.8
  pulseaudio-module-jack          1:13.99.1-1ubuntu3.8
  pulseaudio-module-lirc          1:13.99.1-1ubuntu3.8
  pulseaudio-module-raop          1:13.99.1-1ubuntu3.8
  pulseaudio-module-zeroconf      1:13.99.1-1ubuntu3.8
  pulseaudio-utils                1:13.99.1-1ubuntu3.8

Ubuntu 18.04 LTS:
  libpulse-mainloop-glib0         1:11.1-1ubuntu7.11
  libpulse0                       1:11.1-1ubuntu7.11
  libpulsedsp                     1:11.1-1ubuntu7.11
  pulseaudio                      1:11.1-1ubuntu7.11
  pulseaudio-equalizer            1:11.1-1ubuntu7.11
  pulseaudio-esound-compat        1:11.1-1ubuntu7.11
  pulseaudio-module-bluetooth     1:11.1-1ubuntu7.11
  pulseaudio-module-gconf         1:11.1-1ubuntu7.11
  pulseaudio-module-jack          1:11.1-1ubuntu7.11
  pulseaudio-module-lirc          1:11.1-1ubuntu7.11
  pulseaudio-module-raop          1:11.1-1ubuntu7.11
  pulseaudio-module-zeroconf      1:11.1-1ubuntu7.11
  pulseaudio-utils                1:11.1-1ubuntu7.11

Ubuntu 16.04 LTS:
  libpulse-mainloop-glib0         1:8.0-0ubuntu3.15
  libpulse0                       1:8.0-0ubuntu3.15
  libpulsedsp                     1:8.0-0ubuntu3.15
  pulseaudio                      1:8.0-0ubuntu3.15
  pulseaudio-esound-compat        1:8.0-0ubuntu3.15
  pulseaudio-module-bluetooth     1:8.0-0ubuntu3.15
  pulseaudio-module-droid         1:8.0-0ubuntu3.15
  pulseaudio-module-gconf         1:8.0-0ubuntu3.15
  pulseaudio-module-jack          1:8.0-0ubuntu3.15
  pulseaudio-module-lirc          1:8.0-0ubuntu3.15
  pulseaudio-module-raop          1:8.0-0ubuntu3.15
  pulseaudio-module-trust-store   1:8.0-0ubuntu3.15
  pulseaudio-module-x11           1:8.0-0ubuntu3.15
  pulseaudio-module-zeroconf      1:8.0-0ubuntu3.15
  pulseaudio-utils                1:8.0-0ubuntu3.15

After a standard system update you need to restart your session to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4640-1

CVE-2020-16123

Severity
critical
Lowest
Low
Medium
High
Critical

November 23, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.