PT-2020-12929 · Canonical+1 · Pulseaudio+2
James Henstridge +1 · Published 2020-04-16 · Updated 2020-05-19 · CVE-2020-11931
CVSS v3.1: 3.3 (Low)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
pulseaudio versions 1:8.0 through 1:8.0-0ubuntu3.11
pulseaudio versions 1:11.1 through 1:11.1-1ubuntu7.6
pulseaudio versions 1:13.0 through 1:13.0-1ubuntu1.1
pulseaudio versions 1:13.99.1 through 1:13.99.1-1ubuntu3.1
Description
The issue is in an Ubuntu-specific modification to Pulseaudio that provides security mediation for Snap-packaged applications. A snap that plugs any of the pulseaudio, audio-playback, or audio-record interfaces can bypass the intended access restriction by unloading the pulseaudio snap policy module.
Recommendations
For pulseaudio versions 1:8.0 through 1:8.0-0ubuntu3.11, update to version 1:8.0-0ubuntu3.12 or later.
For pulseaudio versions 1:11.1 through 1:11.1-1ubuntu7.6, update to version 1:11.1-1ubuntu7.7 or later.
For pulseaudio versions 1:13.0 through 1:13.0-1ubuntu1.1, update to version 1:13.0-1ubuntu1.2 or later.
For pulseaudio versions 1:13.99.1 through 1:13.99.1-1ubuntu3.1, update to version 1:13.99.1-1ubuntu3.2 or later.
Fix
Improper Access Control
Exposure of Resource to Wrong Sphere
Related Identifiers
Affected Products
Linuxmint
Ubuntu
Pulseaudio