Message-Id: <E1ORaV2-0007Xn-Pf@titan.mandriva.com>
Date: Thu, 24 Jun 2010 02:41:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:124 ] pulseaudio


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:124
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : pulseaudio
 Date    : June 23, 2010
 Affected: 2008.0, 2009.0, 2009.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10
 and 0.9.19 allows local users to change the ownership and permissions
 of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary
 file (CVE-2009-1299).
 
 This update fixes this issue.
 _______________________________________________________________________

 References:

 https://qa.mandriva.com/59912
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMIniAmqjQ0CJFipgRAqJ2AJ9pTwMrUr2lI6s1nqpFX50axuaHZgCgxX+6
Ow31YR588crVaxJIFhP3mJA=
=oSlv
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
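
The Problem Description above is a symlink race on a predictable name in /tmp. The following is an added illustration of a hardened directory-securing routine. It is not PulseAudio's code or Mandriva's patch, and the names make_secure_dir, self_check and .esd-demo are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unsafe pattern, for contrast: mkdir(p); chown(p, ...); chmod(p, ...);
 * chown()/chmod() follow symlinks, so a link planted at p in a
 * world-writable directory redirects the change to the link's target. */

/* Hardened sketch: open once without following links, then act on the fd. */
int make_secure_dir(const char *path, mode_t mode, uid_t uid, gid_t gid)
{
    struct stat st;
    if (mkdir(path, mode) < 0 && errno != EEXIST)
        return -1;
    /* O_NOFOLLOW rejects a symlink as the last path component,
     * O_DIRECTORY rejects anything that is not a directory. */
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* f*() calls act on the opened inode, so relinking the path later cannot
     * retarget them; a directory owned by someone else is refused. */
    int ok = fstat(fd, &st) == 0 && st.st_uid == uid &&
             fchown(fd, uid, gid) == 0 && fchmod(fd, mode) == 0;
    close(fd);
    return ok ? 0 : -1;
}

/* Constructed self-check in a private scratch directory: returns 1 when a
 * fresh directory is secured and a planted symlink leaves its target alone. */
int self_check(void)
{
    char base[] = "/tmp/secdir-demo-XXXXXX", dir[64], victim[64], lnk[64];
    struct stat a, b;
    if (!mkdtemp(base)) return 0;
    snprintf(dir, sizeof dir, "%s/ok", base);
    snprintf(victim, sizeof victim, "%s/victim", base);
    snprintf(lnk, sizeof lnk, "%s/.esd-demo", base);
    int fd = open(victim, O_CREAT | O_WRONLY, 0644);
    if (fd < 0 || close(fd) < 0 || symlink(victim, lnk) < 0) return 0;
    if (stat(victim, &a) < 0) return 0;
    int good = make_secure_dir(dir, 0700, geteuid(), getegid());
    int bad = make_secure_dir(lnk, 0700, geteuid(), getegid());
    if (stat(victim, &b) < 0) return 0;
    unlink(lnk); unlink(victim); rmdir(dir); rmdir(base);
    return good == 0 && bad == -1 && a.st_mode == b.st_mode;
}
```

Creating such state under a per-user directory instead of a shared /tmp removes the race altogether; the fd-based calls only make the shared-directory case fail closed.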
