Advisories ยป MGASA-2014-0440

Updated pulseaudio package fixes RTP remote crash vulnerability

Publication date: 02 Nov 2014
Modification date: 02 Nov 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-3970

Description

PulseAudio versions shipped in Mageia 3 and 4 were vulnerable to a
remote RTP attack which could crash the PulseAudio server simply by
sending an empty UDP packet.

Additionally, the version of PulseAudio shipped in Mageia 4 was a
pre-release version of PulseAudio v5 and has been updated to the
official final version.
                

References

SRPMS

3/core

4/core