Summary: | <media-sound/pulseaudio-5.0-r2: denial of service in module-rtp-recv (CVE-2014-3970) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | minor | CC: | gnome, sound |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1104835 | | |
Whiteboard: | B3 [noglsa] | | |
Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-06-05 14:26:43 UTC
+*pulseaudio-5.0-r2 (12 Jun 2014) + + 12 Jun 2014; Pacho Ramos <pacho@gentoo.org> + +files/pulseaudio-5.0-crash-udp.patch, + +files/pulseaudio-5.0-module-switch.patch, +pulseaudio-5.0-r2.ebuild: + Fix CVE-2014-3970 (#512516), bash-completion dir (#509486 by poncho) and apply + a patch from upstream used in Fedora to fix the profiles switching. +

amd64 stable

x86 stable

You mean this?

Arch teams, please test and mark stable: =media-sound/pulseaudio-5.0-r2 Targeted stable KEYWORDS : alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

Stable for HPPA.

arm stable

Stable on alpha.

ia64 stable

ppc64 stable

ppc stable

sparc stable. Maintainer(s), please cleanup. Security, please vote.

GLSA vote: no.

Arches, Thank you for your work Maintainer(s), please drop the vulnerable version. GLSA Vote: No

CVE-2014-3970 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3970): The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet.

Maintainer(s), please drop the vulnerable version(s).

Vulnerable versions have been around for two months.

Maintainer(s): Please drop affected versions, security will remove in 30 days if no response.

+ 13 Nov 2014; Pacho Ramos <pacho@gentoo.org> -pulseaudio-2.1-r1.ebuild, + -pulseaudio-4.0.ebuild: + Drop old (#508854) +

Thank you for cleanup. Closing bug as noglsa.
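An added example, not part of this bug report and not PulseAudio's code: a datagram receive helper that treats the empty UDP packet from the CVE-2014-3970 description as bad input to drain and reject, rather than a condition to assert on. It assumes the receive path sizes its read with FIONREAD; `rtp_recv_checked` and `demo` are hypothetical names, and the traffic is constructed on a local socketpair.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <unistd.h>

#define RTP_HEADER_LEN 12 /* fixed RTP header size, RFC 3550 */

/* Hypothetical helper, not PulseAudio's pa_rtp_recv(). Call after poll()
 * reports fd readable. Returns the payload length, or -1 when the datagram
 * is rejected. A rejected datagram is still consumed so it is not reported
 * again, and no assert() depends on a size chosen by the sender. */
static ssize_t rtp_recv_checked(int fd, uint8_t *buf, size_t cap) {
    int pending = 0;
    if (ioctl(fd, FIONREAD, &pending) < 0)
        return -1;
    if (pending < RTP_HEADER_LEN || (size_t)pending > cap) {
        uint8_t scratch; /* empty, truncated or oversized: drain and drop */
        (void)recv(fd, &scratch, sizeof scratch, MSG_DONTWAIT);
        return -1;
    }
    ssize_t n = recv(fd, buf, cap, MSG_DONTWAIT);
    if (n < RTP_HEADER_LEN || (buf[0] >> 6) != 2) /* RTP version must be 2 */
        return -1;
    return n - RTP_HEADER_LEN;
}

/* Constructed traffic on a local datagram socketpair: one empty datagram,
 * then one 16-byte RTP packet. Stores the result of each receive. */
static int demo(ssize_t *empty_result, ssize_t *valid_result) {
    int sv[2];
    uint8_t pkt[16] = {0x80, 0x0a}, rx[1500]; /* V=2, PT=10, 4-byte payload */
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0)
        return -1;
    send(sv[0], pkt, 0, 0);          /* zero-length datagram */
    send(sv[0], pkt, sizeof pkt, 0); /* well-formed packet */
    *empty_result = rtp_recv_checked(sv[1], rx, sizeof rx);
    *valid_result = rtp_recv_checked(sv[1], rx, sizeof rx);
    close(sv[0]);
    close(sv[1]);
    return 0;
}

int main(void) {
    ssize_t e = 0, v = 0;
    if (demo(&e, &v) == 0)
        printf("empty=%zd valid=%zd\n", e, v);
    return 0;
}
```

The second receive succeeding shows that the empty datagram was consumed instead of being left queued, so the stream continues after the bad packet.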