7 matches found
Mandriva Linux Security Advisory : pulseaudio (MDVSA-2008:027)
A programming flaw was found in Pulseaudio versions older than 0.9.9, by which a local user can gain root access, if pulseaudio is installed as a setuid to root binary, which is the recommended configuration. The updated packages fix this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
Fedora Update for pulseaudio FEDORA-2008-0963
Check for the Version of pulseaudio OpenVAS Vulnerability Test Fedora Update for pulseaudio FEDORA-2008-0963 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
CVE-2008-0008
The CVE-2008-0008 issue affects PulseAudio 0.9.8 and certain 0.9.9 builds where pa_drop_root does not check return values from setresuid, setreuid, setuid, and seteuid when dropping privileges. This could allow a local user to escalate privileges if those calls fail (e.g., due to resource exhaust...
CVE-2008-0008
The padroproot function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from 1 setresuid, 2 setreuid, 3 setuid, and 4 seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as...
Fedora 8 : pulseaudio-0.9.8-5.fc8 (2008-0963)
Wed Jan 23 2008 Lubomir Kundrak 0.9.8-5 - Fix CVE-2008-0008 security issue 425481 - Sun Jan 13 2008 Lubomir Kundrak 0.9.8-4.1 - Actually add content to pulseaudio-0.9.8-create-dot-pulse.patch - Make the Source0 tag point to URL instead of a local file - Drop the nochown patch; it's not applied at...
Fedora 7 : pulseaudio-0.9.6-2.fc7.1 (2008-0994)
Wed Jan 23 2008 Lubomir Kundrak 0.9.6-2.1 - Fix CVE-2008-0008 security issue 425481 - Tue May 29 2007 Pierre Ossman 0.9.6-2 - Add libatomicops-devel as a build requirement. - Tue May 29 2007 Pierre Ossman 0.9.6-1 - Upgrade to 0.9.6. Note that Tenable Network Security has extracted the preceding...
[ MDVSA-2008:027 ] - Updated pulseaudio packages fix local root vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2008:027 http://www.mandriva.com/security/ Package : pulseaudio Date : January 25, 2008 Affected: 2007.1, 2008.0 Problem Description: A programming flaw was found in Pulseaudio versions older than 0.9.9, by which...