Updated pulseaudio package fixes RTP remote crash vulnerability
Publication date: 02 Nov 2014Modification date: 02 Nov 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-3970
Description
PulseAudio versions shipped in Mageia 3 and 4 were vulnerable to a remote RTP attack which could crash the PulseAudio server simply by sending an empty UDP packet. Additionally, the version of PulseAudio shipped in Mageia 4 was a pre-release version of PulseAudio v5 and has been updated to the official final version.
References
SRPMS
3/core
- pulseaudio-3.0-7.1.mga3
4/core
- pulseaudio-5.0-1.mga4