lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Sun, 29 Mar 2015 13:08:00 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2015:134 ] pulseaudio

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:134
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : pulseaudio
 Date    : March 29, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated pulseaudio package fixes RTP remote crash vulnerability:
 
 PulseAudio versions shipped in mbs2 were vulnerable to a remote RTP
 attack which could crash the PulseAudio server simply by sending an
 empty UDP packet.
 
 Additionally, the version of PulseAudio shipped in mbs2 was a
 pre-release version of PulseAudio v5 and has been updated to the
 official final version.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3970
 http://advisories.mageia.org/MGASA-2014-0440.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 2/X86_64:
 c7173778c42dc113d5b3f5fa22c0bed4  mbs2/x86_64/lib64pulseaudio0-5.0-1.mbs2.x86_64.rpm
 eb56efad6ea78e06542415b91978dac0  mbs2/x86_64/lib64pulseaudio-devel-5.0-1.mbs2.x86_64.rpm
 0df303db1ceed4a22176f1b08bbfc98b  mbs2/x86_64/lib64pulsecommon5.0-5.0-1.mbs2.x86_64.rpm
 efc62c8009ab642f87342b5f32b45c79  mbs2/x86_64/lib64pulsecore5.0-5.0-1.mbs2.x86_64.rpm
 d2289b4e1f9ab3e0fbbda56aae56ec5a  mbs2/x86_64/lib64pulseglib20-5.0-1.mbs2.x86_64.rpm
 ae94b8d766cc6c3c755d2a5cb492c4ac  mbs2/x86_64/pulseaudio-5.0-1.mbs2.x86_64.rpm
 5e4b67fa760fa7f69af024ad1a5340c0  mbs2/x86_64/pulseaudio-client-config-5.0-1.mbs2.x86_64.rpm
 ee4e7ad07378be8e74b065eb233b6044  mbs2/x86_64/pulseaudio-esound-compat-5.0-1.mbs2.x86_64.rpm
 9ca9587b15145cce0579f8dc77c6f06b  mbs2/x86_64/pulseaudio-module-bluetooth-5.0-1.mbs2.x86_64.rpm
 99954fd5fb94ec709abc21df7c1c7abe  mbs2/x86_64/pulseaudio-module-equalizer-5.0-1.mbs2.x86_64.rpm
 ae40837d35dd20f7fb2fb8d2f8051f6c  mbs2/x86_64/pulseaudio-module-gconf-5.0-1.mbs2.x86_64.rpm
 c558e998f4b7b3e676a55d9f50ba21cc  mbs2/x86_64/pulseaudio-module-jack-5.0-1.mbs2.x86_64.rpm
 5be7891d6cefe93f0c7158147e768e44  mbs2/x86_64/pulseaudio-module-lirc-5.0-1.mbs2.x86_64.rpm
 04fc999181c8326081e41140550aeba3  mbs2/x86_64/pulseaudio-module-x11-5.0-1.mbs2.x86_64.rpm
 e4c964e2b5cd17bc4508d595e4f37faa  mbs2/x86_64/pulseaudio-module-xen-5.0-1.mbs2.x86_64.rpm
 02228e2f73af3fdd03523ee479c8abea  mbs2/x86_64/pulseaudio-module-zeroconf-5.0-1.mbs2.x86_64.rpm
 92b85f86e00d4a82bfa3c98034ede5fd  mbs2/x86_64/pulseaudio-utils-5.0-1.mbs2.x86_64.rpm 
 256e3c1f6e1be52e2f95f7ec3431c59e  mbs2/SRPMS/pulseaudio-5.0-1.mbs2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVF88omqjQ0CJFipgRAlH4AKC2jT23PGz0KcrKrX33oSifVSBXYwCcDUnM
2/X1Nk/chffE55Zz3CgKajc=
=Cnon
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists