1. Forum
  2. Fsxnet Message
  3. FSX BOT

  • PulseAudio vulnerability

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Thursday, September 17, 2020 20:10:04
    pulseaudio vulnerability

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 16.04 LTS

    Summary

    PulseAudio could be made to crash or run programs as your login if
    it received specially crafted input.

    Software Description

    * pulseaudio - PulseAudio sound server

    Details

    Ratchanan Srirattanamet discovered that an Ubuntu-specific patch
    caused PulseAudio to incorrectly handle memory under certain error
    conditions in the Bluez 5 module. An attacker could use this issue
    to cause PulseAudio to crash, resulting in a denial of service, or
    possibly execute arbitrary code. (CVE-2020-15710)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 16.04 LTS
    libpulse-mainloop-glib0 - 1:8.0-0ubuntu3.14
    libpulse0 - 1:8.0-0ubuntu3.14
    pulseaudio - 1:8.0-0ubuntu3.14
    pulseaudio-module-bluetooth - 1:8.0-0ubuntu3.14
    pulseaudio-utils - 1:8.0-0ubuntu3.14

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2020-15710

    --- Mystic BBS v1.12 A46 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)