-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:027 http://www.mandriva.com/security/ _______________________________________________________________________ Package : pulseaudio Date : January 25, 2008 Affected: 2007.1, 2008.0 _______________________________________________________________________ Problem Description: A programming flaw was found in Pulseaudio versions older than 0.9.9, by which a local user can gain root access, if pulseaudio is installed as a setuid to root binary, which is the recommended configuration. The updated packages fix this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0008 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.1: 52f138a98db13ca5eb3d9a37b9b8efe0 2007.1/i586/libpulseaudio0-0.9.5-1.2mdv2007.1.i586.rpm f48d1b6b61fa0c52406b76c010604f00 2007.1/i586/libpulseaudio0-devel-0.9.5-1.2mdv2007.1.i586.rpm baa1c32f82d6925d3533c4d848fe0785 2007.1/i586/libpulsecore2-0.9.5-1.2mdv2007.1.i586.rpm 55bbdfcca0c7809ee8a1e0ddf4b6e15d 2007.1/i586/pulseaudio-0.9.5-1.2mdv2007.1.i586.rpm 8e833b7c732943d2ef143e35acf2f4e1 2007.1/SRPMS/pulseaudio-0.9.5-1.2mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 25a669614bfe39badacd0e9c9adaa0ab 2007.1/x86_64/lib64pulseaudio0-0.9.5-1.2mdv2007.1.x86_64.rpm f93980d7641d4aafd0f51b83a665d9c3 2007.1/x86_64/lib64pulseaudio0-devel-0.9.5-1.2mdv2007.1.x86_64.rpm 0f1442574974705cb4508432c5d2a958 2007.1/x86_64/lib64pulsecore2-0.9.5-1.2mdv2007.1.x86_64.rpm 96f6df3186f6622e68178fc238a8396f 2007.1/x86_64/pulseaudio-0.9.5-1.2mdv2007.1.x86_64.rpm 8e833b7c732943d2ef143e35acf2f4e1 2007.1/SRPMS/pulseaudio-0.9.5-1.2mdv2007.1.src.rpm Mandriva Linux 2008.0: 47d86f290ace043d9afff832167fd4e9 2008.0/i586/libpulseaudio0-0.9.6-3.2mdv2008.0.i586.rpm 1b8bdf5f12c0b49700f99fa548af8097 2008.0/i586/libpulseaudio0-devel-0.9.6-3.2mdv2008.0.i586.rpm 0da7faa98ccb33abf6ab01be9196532a 2008.0/i586/libpulsecore3-0.9.6-3.2mdv2008.0.i586.rpm 134fdecb71eb1a9486be1fb50f2a9dd1 2008.0/i586/pulseaudio-0.9.6-3.2mdv2008.0.i586.rpm ec9296a94a1f5ddb68f07e1188ed6fbd 2008.0/SRPMS/pulseaudio-0.9.6-3.2mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 32b199e39787b69263fb4ad12fc406f2 2008.0/x86_64/lib64pulseaudio0-0.9.6-3.2mdv2008.0.x86_64.rpm 290bc9b8b5088dc34dcb4bc759de0674 2008.0/x86_64/lib64pulseaudio0-devel-0.9.6-3.2mdv2008.0.x86_64.rpm 1156bbd6a875bfe3039dd4a4c0bbd7c3 2008.0/x86_64/lib64pulsecore3-0.9.6-3.2mdv2008.0.x86_64.rpm 2e4058e6aa6b0c87340e71b491f3f494 2008.0/x86_64/pulseaudio-0.9.6-3.2mdv2008.0.x86_64.rpm ec9296a94a1f5ddb68f07e1188ed6fbd 2008.0/SRPMS/pulseaudio-0.9.6-3.2mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) iD8DBQFHmlCKmqjQ0CJFipgRApSzAJ98ybCvdBytqs44lj4rhDhjNLeWjwCeObM6 YuDhSanGTkSC5wxyBN23m0k= =CYxH -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/