Advisories » MGASA-2014-0440

Updated pulseaudio package fixes RTP remote crash vulnerability

Publication date: 02 Nov 2014
Modification date: 02 Nov 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-3970

Description

PulseAudio versions shipped in Mageia 3 and 4 were vulnerable to a
remote RTP attack which could crash the PulseAudio server simply by
sending an empty UDP packet.

Additionally, the version of PulseAudio shipped in Mageia 4 was a
pre-release version of PulseAudio v5 and has been updated to the
official final version.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=13483
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3970

SRPMS

3/core

• pulseaudio-3.0-7.1.mga3

4/core

• pulseaudio-5.0-1.mga4