Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:18958
HistoryJan 27, 2008 - 12:00 a.m.

[ MDVSA-2008:027 ] - Updated pulseaudio packages fix local root vulnerability

2008-01-2700:00:00
vulners.com
8
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2008:027
http://www.mandriva.com/security/

Package : pulseaudio
Date : January 25, 2008
Affected: 2007.1, 2008.0

Problem Description:

A programming flaw was found in Pulseaudio versions older than 0.9.9,
by which a local user can gain root access, if pulseaudio is installed
as a setuid to root binary, which is the recommended configuration.

The updated packages fix this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0008

Updated Packages:

Mandriva Linux 2007.1:
52f138a98db13ca5eb3d9a37b9b8efe0 2007.1/i586/libpulseaudio0-0.9.5-1.2mdv2007.1.i586.rpm
f48d1b6b61fa0c52406b76c010604f00 2007.1/i586/libpulseaudio0-devel-0.9.5-1.2mdv2007.1.i586.rpm
baa1c32f82d6925d3533c4d848fe0785 2007.1/i586/libpulsecore2-0.9.5-1.2mdv2007.1.i586.rpm
55bbdfcca0c7809ee8a1e0ddf4b6e15d 2007.1/i586/pulseaudio-0.9.5-1.2mdv2007.1.i586.rpm
8e833b7c732943d2ef143e35acf2f4e1 2007.1/SRPMS/pulseaudio-0.9.5-1.2mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
25a669614bfe39badacd0e9c9adaa0ab 2007.1/x86_64/lib64pulseaudio0-0.9.5-1.2mdv2007.1.x86_64.rpm
f93980d7641d4aafd0f51b83a665d9c3 2007.1/x86_64/lib64pulseaudio0-devel-0.9.5-1.2mdv2007.1.x86_64.rpm
0f1442574974705cb4508432c5d2a958 2007.1/x86_64/lib64pulsecore2-0.9.5-1.2mdv2007.1.x86_64.rpm
96f6df3186f6622e68178fc238a8396f 2007.1/x86_64/pulseaudio-0.9.5-1.2mdv2007.1.x86_64.rpm
8e833b7c732943d2ef143e35acf2f4e1 2007.1/SRPMS/pulseaudio-0.9.5-1.2mdv2007.1.src.rpm

Mandriva Linux 2008.0:
47d86f290ace043d9afff832167fd4e9 2008.0/i586/libpulseaudio0-0.9.6-3.2mdv2008.0.i586.rpm
1b8bdf5f12c0b49700f99fa548af8097 2008.0/i586/libpulseaudio0-devel-0.9.6-3.2mdv2008.0.i586.rpm
0da7faa98ccb33abf6ab01be9196532a 2008.0/i586/libpulsecore3-0.9.6-3.2mdv2008.0.i586.rpm
134fdecb71eb1a9486be1fb50f2a9dd1 2008.0/i586/pulseaudio-0.9.6-3.2mdv2008.0.i586.rpm
ec9296a94a1f5ddb68f07e1188ed6fbd 2008.0/SRPMS/pulseaudio-0.9.6-3.2mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
32b199e39787b69263fb4ad12fc406f2 2008.0/x86_64/lib64pulseaudio0-0.9.6-3.2mdv2008.0.x86_64.rpm
290bc9b8b5088dc34dcb4bc759de0674 2008.0/x86_64/lib64pulseaudio0-devel-0.9.6-3.2mdv2008.0.x86_64.rpm
1156bbd6a875bfe3039dd4a4c0bbd7c3 2008.0/x86_64/lib64pulsecore3-0.9.6-3.2mdv2008.0.x86_64.rpm
2e4058e6aa6b0c87340e71b491f3f494 2008.0/x86_64/pulseaudio-0.9.6-3.2mdv2008.0.x86_64.rpm
ec9296a94a1f5ddb68f07e1188ed6fbd 2008.0/SRPMS/pulseaudio-0.9.6-3.2mdv2008.0.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHmlCKmqjQ0CJFipgRApSzAJ98ybCvdBytqs44lj4rhDhjNLeWjwCeObM6
YuDhSanGTkSC5wxyBN23m0k=
=CYxH
-----END PGP SIGNATURE-----

Related

nessus 6
debiancve 1
openvas 7
gentoo 1
ubuntucve 1
fedora 2
prion 1
securityvulns 1
ubuntu 1
cve 1
debian 1
nessus
nessus
Fedora 8 : pulseaudio-0.9.8-5.fc8 (2008-0963)
2008-01-27 00:00:00
Fedora 7 : pulseaudio-0.9.6-2.fc7.1 (2008-0994)
2008-01-27 00:00:00
Mandriva Linux Security Advisory : pulseaudio (MDVSA-2008:027)
2009-04-23 00:00:00
debiancve
debiancve
CVE-2008-0008
2008-01-29 00:00:00
openvas
openvas
Mandriva Update for pulseaudio MDVSA-2008:027 (pulseaudio)
2009-04-09 00:00:00
Debian Security Advisory DSA 1476-1 (pulseaudio)
2008-01-31 00:00:00
Fedora Update for pulseaudio FEDORA-2008-0994
2009-02-17 00:00:00
gentoo
gentoo
Pulseaudio: Privilege escalation
2008-02-13 00:00:00
ubuntucve
ubuntucve
CVE-2008-0008
2008-01-29 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: pulseaudio-0.9.6-2.fc7.1
2008-01-24 22:02:07
[SECURITY] Fedora 8 Update: pulseaudio-0.9.8-5.fc8
2008-01-24 21:59:33
prion
prion
Privilege escalation
2008-01-29 00:00:00
securityvulns
securityvulns
pulseuadio privilege escalation
2008-01-27 00:00:00
ubuntu
ubuntu
PulseAudio vulnerability
2008-01-31 00:00:00
cve
cve
CVE-2008-0008
2008-01-29 00:00:00
debian
debian
[SECURITY] [DSA 1476-1] New pulseaudio packages fix privilege escalation
2008-01-27 18:16:38
JSON
Related for SECURITYVULNS:DOC:18958
nessus6debiancve1openvas7gentoo1ubuntucve1fedora2prion1securityvulns1ubuntu1cve1debian1