Lucene search

K
mageiaGentoo FoundationMGASA-2014-0440
HistoryNov 02, 2014 - 4:14 p.m.

Updated pulseaudio package fixes RTP remote crash vulnerability

2014-11-0216:14:49
Gentoo Foundation
advisories.mageia.org
15

CVSS2

2.9

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:M/Au:N/C:N/I:N/A:P

EPSS

0.021

Percentile

89.2%

PulseAudio versions shipped in Mageia 3 and 4 were vulnerable to a remote RTP attack which could crash the PulseAudio server simply by sending an empty UDP packet. Additionally, the version of PulseAudio shipped in Mageia 4 was a pre-release version of PulseAudio v5 and has been updated to the official final version.

OSVersionArchitecturePackageVersionFilename
Mageia3noarchpulseaudio< 3.0-7.1pulseaudio-3.0-7.1.mga3
Mageia4noarchpulseaudio< 5.0-1pulseaudio-5.0-1.mga4

CVSS2

2.9

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:M/Au:N/C:N/I:N/A:P

EPSS

0.021

Percentile

89.2%