Ubuntu
pulseaudio package

[SECURITY] Fix unchecked setuid() return values (feisty-security, gutsy)

Bug #185534 reported by Daniel T Chen on 2008-01-24

262

Affects		Status	Importance	Assigned to	Milestone
	pulseaudio (Ubuntu)	Fix Released	High	Unassigned
	Feisty	Fix Released	High	Unassigned
	Gutsy	Fix Released	High	Unassigned

Bug Description

Binary package hint: pulseaudio

PulseAudio in feisty-security and gutsy do not check the return values of set*id(). This is CVE-2008-0008; see also https://bugzilla.novell.com/show_bug.cgi?id=347822 and https://bugzilla.redhat.com/show_bug.cgi?id=425481. Debdiffs for feisty-security and gusty attached separately.

CVE References

2008-0008

Revision history for this message

Daniel T Chen (crimsun) wrote on 2008-01-24:

#1

debdiff against feisty-security Edit (3.8 KiB, text/plain)

Changed in pulseaudio:
importance:	Undecided → High
status:	New → Triaged

Revision history for this message

Daniel T Chen (crimsun) wrote on 2008-01-24:

#2

debdiff against gutsy Edit (3.8 KiB, text/plain)

Changed in pulseaudio:
status:	Triaged → Fix Released
importance:	Undecided → High
status:	New → Triaged
importance:	Undecided → High
status:	New → Triaged

Jamie Strandboge (jdstrand) on 2008-01-31

Changed in pulseaudio:
status:	Triaged → Fix Committed
status:	Triaged → Fix Committed

Revision history for this message

Kees Cook (kees) wrote on 2008-03-07:

#3

Thanks! This was fixed in: http://www.ubuntu.com/usn/usn-573-1

Changed in pulseaudio:
status:	Fix Committed → Fix Released
status:	Fix Committed → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

Duplicates of this bug

Bug #186571

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

debdiff against feisty-security Edit

Add patch

Bug attachments

debdiff against gutsy Edit

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.