Oval Definition:oval:org.mitre.oval:def:12996
Revision Date:2014-06-23Version:20
Title:DSA-1838-1 pulseaudio -- privilege escalation
Description:Tavis Ormandy and Julien Tinnes discovered that the pulseaudio daemon does not drop privileges before re-executing itself, enabling local attackers to increase their privileges. The old stable distribution is not affected by this issue. For the stable distribution, this problem has been fixed in version 0.9.10-3+lenny1. For the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your pulseaudio packages.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2009-1894
DSA-1838-1
Platform(s):Debian GNU/Linux 5.0
Product(s):pulseaudio
Definition Synopsis
  • Debian GNU/Linux 5.0 is installed
  • AND Supported architectures section
  • Installed architecture is s390
  • OR Installed architecture is amd64
  • OR Installed architecture is sparc
  • OR Installed architecture is arm
  • OR Installed architecture is i386
  • OR Installed architecture is mips
  • OR Installed architecture is ia64
  • OR Installed architecture is alpha
  • OR Installed architecture is powerpc
  • OR Installed architecture is hppa
  • AND Packages section
  • libpulse-dev DPKG is earlier than 0.9.10-3+lenny1
  • OR pulseaudio-utils DPKG is earlier than 0.9.10-3+lenny1
  • OR pulseaudio-esound-compat DPKG is earlier than 0.9.10-3+lenny1
  • OR libpulse-mainloop-glib0-dbg DPKG is earlier than 0.9.10-3+lenny1
  • OR pulseaudio-dbg DPKG is earlier than 0.9.10-3+lenny1
  • OR pulseaudio-module-gconf-dbg DPKG is earlier than 0.9.10-3+lenny1
  • OR pulseaudio-esound-compat-dbg DPKG is earlier than 0.9.10-3+lenny1
  • OR pulseaudio-module-hal DPKG is earlier than 0.9.10-3+lenny1
  • OR libpulsecore5 DPKG is earlier than 0.9.10-3+lenny1
  • OR libpulse-browse0 DPKG is earlier than 0.9.10-3+lenny1
  • OR pulseaudio-module-zeroconf DPKG is earlier than 0.9.10-3+lenny1
  • OR libpulse-browse0-dbg DPKG is earlier than 0.9.10-3+lenny1
  • OR pulseaudio-module-zeroconf-dbg DPKG is earlier than 0.9.10-3+lenny1
  • OR pulseaudio-module-jack-dbg DPKG is earlier than 0.9.10-3+lenny1
  • OR pulseaudio-module-x11 DPKG is earlier than 0.9.10-3+lenny1
  • OR pulseaudio-utils-dbg DPKG is earlier than 0.9.10-3+lenny1
  • OR pulseaudio-module-x11-dbg DPKG is earlier than 0.9.10-3+lenny1
  • OR libpulse-mainloop-glib0 DPKG is earlier than 0.9.10-3+lenny1
  • OR pulseaudio-module-gconf DPKG is earlier than 0.9.10-3+lenny1
  • OR pulseaudio-module-hal-dbg DPKG is earlier than 0.9.10-3+lenny1
  • OR pulseaudio-module-lirc-dbg DPKG is earlier than 0.9.10-3+lenny1
  • OR pulseaudio-module-lirc DPKG is earlier than 0.9.10-3+lenny1
  • OR pulseaudio-module-jack DPKG is earlier than 0.9.10-3+lenny1
  • OR libpulse0 DPKG is earlier than 0.9.10-3+lenny1
  • OR pulseaudio DPKG is earlier than 0.9.10-3+lenny1
  • OR libpulsecore5-dbg DPKG is earlier than 0.9.10-3+lenny1
  • OR libpulse0-dbg DPKG is earlier than 0.9.10-3+lenny1
    • BACK