[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1YcB4S-0000Ns-Gp@titan.mandriva.com>
Date: Sun, 29 Mar 2015 13:08:00 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2015:134 ] pulseaudio
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:134
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : pulseaudio
Date : March 29, 2015
Affected: Business Server 2.0
_______________________________________________________________________
Problem Description:
Updated pulseaudio package fixes RTP remote crash vulnerability:
PulseAudio versions shipped in mbs2 were vulnerable to a remote RTP
attack which could crash the PulseAudio server simply by sending an
empty UDP packet.
Additionally, the version of PulseAudio shipped in mbs2 was a
pre-release version of PulseAudio v5 and has been updated to the
official final version.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3970
http://advisories.mageia.org/MGASA-2014-0440.html
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 2/X86_64:
c7173778c42dc113d5b3f5fa22c0bed4 mbs2/x86_64/lib64pulseaudio0-5.0-1.mbs2.x86_64.rpm
eb56efad6ea78e06542415b91978dac0 mbs2/x86_64/lib64pulseaudio-devel-5.0-1.mbs2.x86_64.rpm
0df303db1ceed4a22176f1b08bbfc98b mbs2/x86_64/lib64pulsecommon5.0-5.0-1.mbs2.x86_64.rpm
efc62c8009ab642f87342b5f32b45c79 mbs2/x86_64/lib64pulsecore5.0-5.0-1.mbs2.x86_64.rpm
d2289b4e1f9ab3e0fbbda56aae56ec5a mbs2/x86_64/lib64pulseglib20-5.0-1.mbs2.x86_64.rpm
ae94b8d766cc6c3c755d2a5cb492c4ac mbs2/x86_64/pulseaudio-5.0-1.mbs2.x86_64.rpm
5e4b67fa760fa7f69af024ad1a5340c0 mbs2/x86_64/pulseaudio-client-config-5.0-1.mbs2.x86_64.rpm
ee4e7ad07378be8e74b065eb233b6044 mbs2/x86_64/pulseaudio-esound-compat-5.0-1.mbs2.x86_64.rpm
9ca9587b15145cce0579f8dc77c6f06b mbs2/x86_64/pulseaudio-module-bluetooth-5.0-1.mbs2.x86_64.rpm
99954fd5fb94ec709abc21df7c1c7abe mbs2/x86_64/pulseaudio-module-equalizer-5.0-1.mbs2.x86_64.rpm
ae40837d35dd20f7fb2fb8d2f8051f6c mbs2/x86_64/pulseaudio-module-gconf-5.0-1.mbs2.x86_64.rpm
c558e998f4b7b3e676a55d9f50ba21cc mbs2/x86_64/pulseaudio-module-jack-5.0-1.mbs2.x86_64.rpm
5be7891d6cefe93f0c7158147e768e44 mbs2/x86_64/pulseaudio-module-lirc-5.0-1.mbs2.x86_64.rpm
04fc999181c8326081e41140550aeba3 mbs2/x86_64/pulseaudio-module-x11-5.0-1.mbs2.x86_64.rpm
e4c964e2b5cd17bc4508d595e4f37faa mbs2/x86_64/pulseaudio-module-xen-5.0-1.mbs2.x86_64.rpm
02228e2f73af3fdd03523ee479c8abea mbs2/x86_64/pulseaudio-module-zeroconf-5.0-1.mbs2.x86_64.rpm
92b85f86e00d4a82bfa3c98034ede5fd mbs2/x86_64/pulseaudio-utils-5.0-1.mbs2.x86_64.rpm
256e3c1f6e1be52e2f95f7ec3431c59e mbs2/SRPMS/pulseaudio-5.0-1.mbs2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFVF88omqjQ0CJFipgRAlH4AKC2jT23PGz0KcrKrX33oSifVSBXYwCcDUnM
2/X1Nk/chffE55Zz3CgKajc=
=Cnon
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists