Forum: >>> Magnum BBS <<<

[SECURITY] [DSA 2017-1] New pulseaudio packages fix insecure temporary

From Giuseppe Iuculano@1:229/2 to All on Mon Mar 15 21:20:02 2010

From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-2017-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano
March 15, 2010 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : pulseaudio
Vulnerability : insecure temporary directory
Problem type : local
Debian-specific: no
CVE Id : CVE-2009-1299
Debian Bug : 573615

Dan Rosenberg discovered that the PulseAudio sound server creates a
temporary directory with a predictable name. This allows a local attacker
to create a Denial of Service condition or possibly disclose sensitive information to unprivileged users.

For the stable distribution (lenny), this problem has been fixed in
version 0.9.10-3+lenny2.

For the testing (squeeze) and unstable (sid) distribution this problem
will be fixed soon.

We recommend that you upgrade your pulseaudio package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10.orig.tar.gz
Size/MD5 checksum: 1081546 9187ac1b302b9ab45f355242f453882e
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny2.diff.gz
Size/MD5 checksum: 31863 185e2f1b111157ea0217ecaeeda185a2
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny2.dsc
Size/MD5 checksum: 2293 bad720da8b1dd224c9368bef03518054

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.10-3+lenny2_alpha.deb
Size/MD5 checksum: 198254 bf3299efe986a12c86dd6d31b4692d8f
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0-dbg_0.9.10-3+lenny2_alpha.deb
Size/MD5 checksum: 101510 81d1838144b520c13533febb86a4d8ae
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.10-3+lenny2_alpha.deb
Size/MD5 checksum: 70004 4621a73c0ed8789d222addf9da51cd02
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf-dbg_0.9.10-3+lenny2_alpha.deb
Size/MD5 checksum: 68490 9897773024d5765b9547d6fa84797f1b
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5-dbg_0.9.10-3+lenny2_alpha.deb
Size/MD5 checksum: 407710 398e87bb6a2fa06ba2b03a7fba6e04e9
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.10-3+lenny2_alpha.deb
Size/MD5 checksum: 476188 a99a693312c3f02ff67b74ae068b600a
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.10-3+lenny2_alpha.deb
Size/MD5 checksum: 62226 5d3ffa6f6f2a999b74f290d369f28d92
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.10-3+lenny2_alpha.deb
Size/MD5 checksum: 69334 ca8887e59cbaf769dbba6c4da356e3f3
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils-dbg_0.9.10-3+lenny2_alpha.deb
Size/MD5 checksum: 283682 e6c1a76cabb102a4619a721121b49a58
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.10-3+lenny2_alpha.deb
Size/MD5 checksum: 58694 f90be25dadee097f80226b65c0267c77
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5_0.9.10-3+lenny2_alpha.deb
Size/MD5 checksum: 252300 200b67f5d9d838272237c802ecbbd5dc
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.10-3+lenny2_alpha.deb
Size/MD5 checksum: 198186 dbb3f3e64de9c578d1ae874b8935cb95
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0-dbg_0.9.10-3+lenny2_alpha.deb
Size/MD5 checksum: 347852 56e37494031cae8a65f2c6bc18f44598
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny2_alpha.deb
Size/MD5 checksum: 385132 d93896747657e507b93f085a91c3ed14
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.10-3+lenny2_alpha.deb
Size/MD5 checksum: 81246 3e4d3bbb433ca2543af0c199a75e44b6
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-3+lenny2_alpha.deb
Size/MD5 checksum: 98294 5a9321069211a62cbeb56217615bbfd6
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.10-3+lenny2_alpha.deb
Size/MD5 checksum: 66028 774091b60c25b1bcbffd05a1f1cd4d5f
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc-dbg_0.9.10-3+lenny2_alpha.deb
Size/MD5 checksum: 64602 bb810390cf9f76e4b66f29ee385a67e2
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.10-3+lenny2_alpha.deb
Size/MD5 checksum: 77300 5b5bad370a19c97a39e1508d481d318f
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack-dbg_0.9.10-3+lenny2_alpha.deb
Size/MD5 checksum: 80918 b5c3bdaca4287822586bcd3960b77467
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.10-3+lenny2_alpha.deb
Size/MD5 checksum: 77932 14404db309c71e1e4402589b90c43087
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11-dbg_0.9.10-3+lenny2_alpha.deb
Size/MD5 checksum: 95120 6b34172b0d84a28387135a028eb8ad13
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.10-3+lenny2_alpha.deb
Size/MD5 checksum: 67854 37019f0d9559c74a5b2e741009360dba
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal-dbg_0.9.10-3+lenny2_alpha.deb

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online
Recent Visitors
- Krenn
  Mon Jun 8 11:22:02 2026
  from Sydney, Nsw via Telnet
- Bob Worm
  Mon Jun 8 08:26:26 2026
  from Wales, Uk via Telnet
- Spearb0y
  Mon Jun 8 06:51:02 2026
  from Massachusetts via SSH
- Krenn
  Mon Jun 8 05:45:38 2026
  from Sydney, Nsw via Telnet
- Bob Worm
  Sun Jun 7 20:58:28 2026
  from Wales, Uk via Telnet
- Michal Wronka
  Sun Jun 7 19:26:28 2026
  from Wroclaw, Poland via SSH
- Centurion
  Sun Jun 7 16:59:51 2026
  from Berea, Ohio via Telnet
- Furryboy
  Sun Jun 7 13:40:29 2026
  from Romania, Galati via SSH

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (3 / 13)
Uptime:	19:05:25
Calls:	12,104
Calls today:	4
Files:	15,004
Messages:	6,518,087

[SECURITY] [DSA 2017-1] New pulseaudio packages fix insecure temporary

Who's Online

Recent Visitors

System Info