CVE-2020-16123

Name of the Vulnerable Software and Affected Versions PulseAudio versions 1:13.99.3-1ubuntu2, 1:13.99.2-1ubuntu2.1, 1:13.99.1-1ubuntu3.8, 1:11.1-1ubuntu7.11, and 1:8.0-0ubuntu3.15

Description An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited by an attacker to expose sensitive information.

Recommendations For version 1:13.99.3-1ubuntu2, update to this version or later to fix the issue. For version 1:13.99.2-1ubuntu2.1, update to this version or later to fix the issue. For version 1:13.99.1-1ubuntu3.8, update to this version or later to fix the issue. For version 1:11.1-1ubuntu7.11, update to this version or later to fix the issue. For version 1:8.0-0ubuntu3.15, update to this version or later to fix the issue.