From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-1838-1 [email protected] http://www.debian.org/security/ Florian Weimer
July 18, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : pulseaudio
Vulnerability : privilege escalation
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2009-1894
Debian Bug : 537351

Tavis Ormandy and Julien Tinnes discovered that the pulseaudio daemon
does not drop privileges before re-executing itself, enabling local
attackers to increase their privileges.

The old stable distribution (etch) is not affected by this issue.

For the stable distribution (lenny), this problem has been fixed in
version 0.9.10-3+lenny1.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your pulseaudio packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny1.tar.gz
Size/MD5 checksum: 1098761 e965d6170caf1b816a51e490f8bb8f49
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny1.dsc
Size/MD5 checksum: 2302 982ec7228b8b5e2429be61e601f9be78

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.10-3+lenny1_alpha.deb
Size/MD5 checksum: 70102 d25d7e00b3abd0d6db30f367b2c1588c
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal-dbg_0.9.10-3+lenny1_alpha.deb
Size/MD5 checksum: 80650 662d3cc6c33797509981c86aa2afa33f
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.10-3+lenny1_alpha.deb
Size/MD5 checksum: 198044 636571c01f35464050c342763ecd4743
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny1_alpha.deb
Size/MD5 checksum: 383882 2ba1337b6e4b6e63972a63a5cd28c8b7
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf-dbg_0.9.10-3+lenny1_alpha.deb
Size/MD5 checksum: 68744 91d11ae4e02af5e5cbc055abe9a3b28c
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5-dbg_0.9.10-3+lenny1_alpha.deb
Size/MD5 checksum: 407796 9d7f897db38e9ba8eaa0d043ae0714e8
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.10-3+lenny1_alpha.deb
Size/MD5 checksum: 69618 ca807ed9ee62e4df968482c0d3207def
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.10-3+lenny1_alpha.deb
Size/MD5 checksum: 66140 d92032d26f5dfbecd48d01727d15b05a
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.10-3+lenny1_alpha.deb
Size/MD5 checksum: 58652 993367567f24558d9a23fa741254dd42
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.10-3+lenny1_alpha.deb
Size/MD5 checksum: 82050 c2a27269fe5c81c1b449f6cb03f0baec
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.10-3+lenny1_alpha.deb
Size/MD5 checksum: 68054 2aaf0fc7b38718792714ebbce7316b2d
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-3+lenny1_alpha.deb
Size/MD5 checksum: 98628 ec19c6873cf7e7dc181153a63c74a749
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc-dbg_0.9.10-3+lenny1_alpha.deb
Size/MD5 checksum: 64750 8a8e9f168dfd19cea9fa22df2fd0e3d8
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.10-3+lenny1_alpha.deb
Size/MD5 checksum: 77078 12ebdb1d926f8aa27734b38078e2d91c
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat-dbg_0.9.10-3+lenny1_alpha.deb
Size/MD5 checksum: 104850 288ec4e4329c75bb5af5ad0d81064273
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11-dbg_0.9.10-3+lenny1_alpha.deb
Size/MD5 checksum: 93578 85d609a4e77fde9c1df8b5b63bd63817
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils-dbg_0.9.10-3+lenny1_alpha.deb
Size/MD5 checksum: 283052 7c3bad69fba8d3e7adbaaa97771264b7
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0-dbg_0.9.10-3+lenny1_alpha.deb
Size/MD5 checksum: 101092 49a121ce404a243d7680960ed1e7c208
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.10-3+lenny1_alpha.deb
Size/MD5 checksum: 77628 05882b2d52ee396635383ad55e2ba420
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0-dbg_0.9.10-3+lenny1_alpha.deb
Size/MD5 checksum: 348766 8e91301ccd66e2405a3b48f040a85216
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.10-3+lenny1_alpha.deb
Size/MD5 checksum: 196348 8bf48d9f9d4c090267406cce581a872f
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf-dbg_0.9.10-3+lenny1_alpha.deb
Size/MD5 checksum: 89626 321fd09fc9e9a4bbf447f085e0a8adee
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.10-3+lenny1_alpha.deb
Size/MD5 checksum: 475124 9aecea47e87d08e5b36da03ae145df7a
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.10-3+lenny1_alpha.deb
Size/MD5 checksum: 62178 c2f3ae39e3c304e1ff8f81393ed84876
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5_0.9.10-3+lenny1_alpha.deb
Size/MD5 checksum: 251952 3b899b007f39b4427e4cf87ee82caecb
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack-dbg_0.9.10-3+lenny1_alpha.deb

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)