-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2015:134 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : pulseaudio Date : March 29, 2015 Affected: Business Server 2.0 _______________________________________________________________________ Problem Description: Updated pulseaudio package fixes RTP remote crash vulnerability: PulseAudio versions shipped in mbs2 were vulnerable to a remote RTP attack which could crash the PulseAudio server simply by sending an empty UDP packet. Additionally, the version of PulseAudio shipped in mbs2 was a pre-release version of PulseAudio v5 and has been updated to the official final version. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3970 http://advisories.mageia.org/MGASA-2014-0440.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 2/X86_64: c7173778c42dc113d5b3f5fa22c0bed4 mbs2/x86_64/lib64pulseaudio0-5.0-1.mbs2.x86_64.rpm eb56efad6ea78e06542415b91978dac0 mbs2/x86_64/lib64pulseaudio-devel-5.0-1.mbs2.x86_64.rpm 0df303db1ceed4a22176f1b08bbfc98b mbs2/x86_64/lib64pulsecommon5.0-5.0-1.mbs2.x86_64.rpm efc62c8009ab642f87342b5f32b45c79 mbs2/x86_64/lib64pulsecore5.0-5.0-1.mbs2.x86_64.rpm d2289b4e1f9ab3e0fbbda56aae56ec5a mbs2/x86_64/lib64pulseglib20-5.0-1.mbs2.x86_64.rpm ae94b8d766cc6c3c755d2a5cb492c4ac mbs2/x86_64/pulseaudio-5.0-1.mbs2.x86_64.rpm 5e4b67fa760fa7f69af024ad1a5340c0 mbs2/x86_64/pulseaudio-client-config-5.0-1.mbs2.x86_64.rpm ee4e7ad07378be8e74b065eb233b6044 mbs2/x86_64/pulseaudio-esound-compat-5.0-1.mbs2.x86_64.rpm 9ca9587b15145cce0579f8dc77c6f06b mbs2/x86_64/pulseaudio-module-bluetooth-5.0-1.mbs2.x86_64.rpm 99954fd5fb94ec709abc21df7c1c7abe mbs2/x86_64/pulseaudio-module-equalizer-5.0-1.mbs2.x86_64.rpm ae40837d35dd20f7fb2fb8d2f8051f6c mbs2/x86_64/pulseaudio-module-gconf-5.0-1.mbs2.x86_64.rpm c558e998f4b7b3e676a55d9f50ba21cc mbs2/x86_64/pulseaudio-module-jack-5.0-1.mbs2.x86_64.rpm 5be7891d6cefe93f0c7158147e768e44 mbs2/x86_64/pulseaudio-module-lirc-5.0-1.mbs2.x86_64.rpm 04fc999181c8326081e41140550aeba3 mbs2/x86_64/pulseaudio-module-x11-5.0-1.mbs2.x86_64.rpm e4c964e2b5cd17bc4508d595e4f37faa mbs2/x86_64/pulseaudio-module-xen-5.0-1.mbs2.x86_64.rpm 02228e2f73af3fdd03523ee479c8abea mbs2/x86_64/pulseaudio-module-zeroconf-5.0-1.mbs2.x86_64.rpm 92b85f86e00d4a82bfa3c98034ede5fd mbs2/x86_64/pulseaudio-utils-5.0-1.mbs2.x86_64.rpm 256e3c1f6e1be52e2f95f7ec3431c59e mbs2/SRPMS/pulseaudio-5.0-1.mbs2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFVF88omqjQ0CJFipgRAlH4AKC2jT23PGz0KcrKrX33oSifVSBXYwCcDUnM 2/X1Nk/chffE55Zz3CgKajc= =Cnon -----END PGP SIGNATURE-----
