[ MDVSA-2008:027 ] - Updated pulseaudio packages fix local root vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:027
http://www.mandriva.com/security/
_______________________________________________________________________
Package : pulseaudio
Date : January 25, 2008
Affected: 2007.1, 2008.0
_______________________________________________________________________
Problem Description:
A programming flaw was found in Pulseaudio versions older than 0.9.9,
by which a local user can gain root access, if pulseaudio is installed
as a setuid to root binary, which is the recommended configuration.
The updated packages fix this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0008
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.1:
52f138a98db13ca5eb3d9a37b9b8efe0
2007.1/i586/libpulseaudio0-0.9.5-1.2mdv2007.1.i586.rpm
f48d1b6b61fa0c52406b76c010604f00
2007.1/i586/libpulseaudio0-devel-0.9.5-1.2mdv2007.1.i586.rpm
baa1c32f82d6925d3533c4d848fe0785
2007.1/i586/libpulsecore2-0.9.5-1.2mdv2007.1.i586.rpm
55bbdfcca0c7809ee8a1e0ddf4b6e15d
2007.1/i586/pulseaudio-0.9.5-1.2mdv2007.1.i586.rpm
8e833b7c732943d2ef143e35acf2f4e1
2007.1/SRPMS/pulseaudio-0.9.5-1.2mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
25a669614bfe39badacd0e9c9adaa0ab
2007.1/x86_64/lib64pulseaudio0-0.9.5-1.2mdv2007.1.x86_64.rpm
f93980d7641d4aafd0f51b83a665d9c3
2007.1/x86_64/lib64pulseaudio0-devel-0.9.5-1.2mdv2007.1.x86_64.rpm
0f1442574974705cb4508432c5d2a958
2007.1/x86_64/lib64pulsecore2-0.9.5-1.2mdv2007.1.x86_64.rpm
96f6df3186f6622e68178fc238a8396f
2007.1/x86_64/pulseaudio-0.9.5-1.2mdv2007.1.x86_64.rpm
8e833b7c732943d2ef143e35acf2f4e1
2007.1/SRPMS/pulseaudio-0.9.5-1.2mdv2007.1.src.rpm
Mandriva Linux 2008.0:
47d86f290ace043d9afff832167fd4e9
2008.0/i586/libpulseaudio0-0.9.6-3.2mdv2008.0.i586.rpm
1b8bdf5f12c0b49700f99fa548af8097
2008.0/i586/libpulseaudio0-devel-0.9.6-3.2mdv2008.0.i586.rpm
0da7faa98ccb33abf6ab01be9196532a
2008.0/i586/libpulsecore3-0.9.6-3.2mdv2008.0.i586.rpm
134fdecb71eb1a9486be1fb50f2a9dd1
2008.0/i586/pulseaudio-0.9.6-3.2mdv2008.0.i586.rpm
ec9296a94a1f5ddb68f07e1188ed6fbd
2008.0/SRPMS/pulseaudio-0.9.6-3.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
32b199e39787b69263fb4ad12fc406f2
2008.0/x86_64/lib64pulseaudio0-0.9.6-3.2mdv2008.0.x86_64.rpm
290bc9b8b5088dc34dcb4bc759de0674
2008.0/x86_64/lib64pulseaudio0-devel-0.9.6-3.2mdv2008.0.x86_64.rpm
1156bbd6a875bfe3039dd4a4c0bbd7c3
2008.0/x86_64/lib64pulsecore3-0.9.6-3.2mdv2008.0.x86_64.rpm
2e4058e6aa6b0c87340e71b491f3f494
2008.0/x86_64/pulseaudio-0.9.6-3.2mdv2008.0.x86_64.rpm
ec9296a94a1f5ddb68f07e1188ed6fbd
2008.0/SRPMS/pulseaudio-0.9.6-3.2mdv2008.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
iD8DBQFHmlCKmqjQ0CJFipgRApSzAJ98ybCvdBytqs44lj4rhDhjNLeWjwCeObM6
YuDhSanGTkSC5wxyBN23m0k=
=CYxH
-----END PGP SIGNATURE-----