[Pkg-pulseaudio-devel] Processing of pulseaudio_0.9.15-4.1_amd64.changes
pulseaudio_0.9.15-4.1_amd64.changes uploaded successfully to localhost
along with the files:
  pulseaudio_0.9.15-4.1.dsc
  pulseaudio_0.9.15-4.1.diff.gz
  pulseaudio_0.9.15-4.1_amd64.deb
  pulseaudio-dbg_0.9.15-4.1_amd64.deb
  pulseaudio-utils_0.9.15-4.1_amd64.deb
  pulseaudio-utils-dbg_0.9.15-4.1_amd64.deb
  pulseaudio-esound-compat_0.9.15-4.1_amd64.deb
  pulseaudio-esound-compat-dbg_0.9.15-4.1_amd64.deb
  pulseaudio-module-zeroconf_0.9.15-4.1_amd64.deb
  pulseaudio-module-zeroconf-dbg_0.9.15-4.1_amd64.deb
  pulseaudio-module-hal_0.9.15-4.1_amd64.deb
  pulseaudio-module-hal-dbg_0.9.15-4.1_amd64.deb
  pulseaudio-module-jack_0.9.15-4.1_amd64.deb
  pulseaudio-module-jack-dbg_0.9.15-4.1_amd64.deb
  pulseaudio-module-lirc_0.9.15-4.1_amd64.deb
  pulseaudio-module-lirc-dbg_0.9.15-4.1_amd64.deb
  pulseaudio-module-gconf_0.9.15-4.1_amd64.deb
  pulseaudio-module-gconf-dbg_0.9.15-4.1_amd64.deb
  pulseaudio-module-raop_0.9.15-4.1_amd64.deb
  pulseaudio-module-raop-dbg_0.9.15-4.1_amd64.deb
  pulseaudio-module-bluetooth_0.9.15-4.1_amd64.deb
  pulseaudio-module-bluetooth-dbg_0.9.15-4.1_amd64.deb
  pulseaudio-module-x11_0.9.15-4.1_amd64.deb
  pulseaudio-module-x11-dbg_0.9.15-4.1_amd64.deb
  libpulse0_0.9.15-4.1_amd64.deb
  libpulse0-dbg_0.9.15-4.1_amd64.deb
  libpulse-mainloop-glib0_0.9.15-4.1_amd64.deb
  libpulse-mainloop-glib0-dbg_0.9.15-4.1_amd64.deb
  libpulse-browse0_0.9.15-4.1_amd64.deb
  libpulse-browse0-dbg_0.9.15-4.1_amd64.deb
  libpulse-dev_0.9.15-4.1_amd64.deb

Greetings,

  Your Debian queue daemon

___
Pkg-pulseaudio-devel mailing list
Pkg-pulseaudio-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-pulseaudio-devel
[Pkg-pulseaudio-devel] pulseaudio_0.9.15-4.1_amd64.changes ACCEPTED
Accepted:
libpulse-browse0-dbg_0.9.15-4.1_amd64.deb to pool/main/p/pulseaudio/libpulse-browse0-dbg_0.9.15-4.1_amd64.deb
libpulse-browse0_0.9.15-4.1_amd64.deb to pool/main/p/pulseaudio/libpulse-browse0_0.9.15-4.1_amd64.deb
libpulse-dev_0.9.15-4.1_amd64.deb to pool/main/p/pulseaudio/libpulse-dev_0.9.15-4.1_amd64.deb
libpulse-mainloop-glib0-dbg_0.9.15-4.1_amd64.deb to pool/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.15-4.1_amd64.deb
libpulse-mainloop-glib0_0.9.15-4.1_amd64.deb to pool/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.15-4.1_amd64.deb
libpulse0-dbg_0.9.15-4.1_amd64.deb to pool/main/p/pulseaudio/libpulse0-dbg_0.9.15-4.1_amd64.deb
libpulse0_0.9.15-4.1_amd64.deb to pool/main/p/pulseaudio/libpulse0_0.9.15-4.1_amd64.deb
pulseaudio-dbg_0.9.15-4.1_amd64.deb to pool/main/p/pulseaudio/pulseaudio-dbg_0.9.15-4.1_amd64.deb
pulseaudio-esound-compat-dbg_0.9.15-4.1_amd64.deb to pool/main/p/pulseaudio/pulseaudio-esound-compat-dbg_0.9.15-4.1_amd64.deb
pulseaudio-esound-compat_0.9.15-4.1_amd64.deb to pool/main/p/pulseaudio/pulseaudio-esound-compat_0.9.15-4.1_amd64.deb
pulseaudio-module-bluetooth-dbg_0.9.15-4.1_amd64.deb to pool/main/p/pulseaudio/pulseaudio-module-bluetooth-dbg_0.9.15-4.1_amd64.deb
pulseaudio-module-bluetooth_0.9.15-4.1_amd64.deb to pool/main/p/pulseaudio/pulseaudio-module-bluetooth_0.9.15-4.1_amd64.deb
pulseaudio-module-gconf-dbg_0.9.15-4.1_amd64.deb to pool/main/p/pulseaudio/pulseaudio-module-gconf-dbg_0.9.15-4.1_amd64.deb
pulseaudio-module-gconf_0.9.15-4.1_amd64.deb to pool/main/p/pulseaudio/pulseaudio-module-gconf_0.9.15-4.1_amd64.deb
pulseaudio-module-hal-dbg_0.9.15-4.1_amd64.deb to pool/main/p/pulseaudio/pulseaudio-module-hal-dbg_0.9.15-4.1_amd64.deb
pulseaudio-module-hal_0.9.15-4.1_amd64.deb to pool/main/p/pulseaudio/pulseaudio-module-hal_0.9.15-4.1_amd64.deb
pulseaudio-module-jack-dbg_0.9.15-4.1_amd64.deb to pool/main/p/pulseaudio/pulseaudio-module-jack-dbg_0.9.15-4.1_amd64.deb
pulseaudio-module-jack_0.9.15-4.1_amd64.deb to pool/main/p/pulseaudio/pulseaudio-module-jack_0.9.15-4.1_amd64.deb
pulseaudio-module-lirc-dbg_0.9.15-4.1_amd64.deb to pool/main/p/pulseaudio/pulseaudio-module-lirc-dbg_0.9.15-4.1_amd64.deb
pulseaudio-module-lirc_0.9.15-4.1_amd64.deb to pool/main/p/pulseaudio/pulseaudio-module-lirc_0.9.15-4.1_amd64.deb
pulseaudio-module-raop-dbg_0.9.15-4.1_amd64.deb to pool/main/p/pulseaudio/pulseaudio-module-raop-dbg_0.9.15-4.1_amd64.deb
pulseaudio-module-raop_0.9.15-4.1_amd64.deb to pool/main/p/pulseaudio/pulseaudio-module-raop_0.9.15-4.1_amd64.deb
pulseaudio-module-x11-dbg_0.9.15-4.1_amd64.deb to pool/main/p/pulseaudio/pulseaudio-module-x11-dbg_0.9.15-4.1_amd64.deb
pulseaudio-module-x11_0.9.15-4.1_amd64.deb to pool/main/p/pulseaudio/pulseaudio-module-x11_0.9.15-4.1_amd64.deb
pulseaudio-module-zeroconf-dbg_0.9.15-4.1_amd64.deb to pool/main/p/pulseaudio/pulseaudio-module-zeroconf-dbg_0.9.15-4.1_amd64.deb
pulseaudio-module-zeroconf_0.9.15-4.1_amd64.deb to pool/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.15-4.1_amd64.deb
pulseaudio-utils-dbg_0.9.15-4.1_amd64.deb to pool/main/p/pulseaudio/pulseaudio-utils-dbg_0.9.15-4.1_amd64.deb
pulseaudio-utils_0.9.15-4.1_amd64.deb to pool/main/p/pulseaudio/pulseaudio-utils_0.9.15-4.1_amd64.deb
pulseaudio_0.9.15-4.1.diff.gz to pool/main/p/pulseaudio/pulseaudio_0.9.15-4.1.diff.gz
pulseaudio_0.9.15-4.1.dsc to pool/main/p/pulseaudio/pulseaudio_0.9.15-4.1.dsc
pulseaudio_0.9.15-4.1_amd64.deb to pool/main/p/pulseaudio/pulseaudio_0.9.15-4.1_amd64.deb

Override entries for your package:
libpulse-browse0-dbg_0.9.15-4.1_amd64.deb - extra debug
libpulse-browse0_0.9.15-4.1_amd64.deb - optional sound
libpulse-dev_0.9.15-4.1_amd64.deb - optional libdevel
libpulse-mainloop-glib0-dbg_0.9.15-4.1_amd64.deb - extra debug
libpulse-mainloop-glib0_0.9.15-4.1_amd64.deb - optional sound
libpulse0-dbg_0.9.15-4.1_amd64.deb - extra debug
libpulse0_0.9.15-4.1_amd64.deb - optional libs
pulseaudio-dbg_0.9.15-4.1_amd64.deb - extra debug
pulseaudio-esound-compat-dbg_0.9.15-4.1_amd64.deb - extra debug
pulseaudio-esound-compat_0.9.15-4.1_amd64.deb - optional sound
pulseaudio-module-bluetooth-dbg_0.9.15-4.1_amd64.deb - extra debug
pulseaudio-module-bluetooth_0.9.15-4.1_amd64.deb - extra sound
pulseaudio-module-gconf-dbg_0.9.15-4.1_amd64.deb - extra debug
pulseaudio-module-gconf_0.9.15-4.1_amd64.deb - optional sound
pulseaudio-module-hal-dbg_0.9.15-4.1_amd64.deb - extra debug
pulseaudio-module-hal_0.9.15-4.1_amd64.deb - optional sound
pulseaudio-module-jack-dbg_0.9.15-4.1_amd64.deb - extra debug
pulseaudio-module-jack_0.9.15-4.1_amd64.deb - optional sound
pulseaudio-module-lirc-dbg_0.9.15-4.1_amd64.deb - extra debug
pulseaudio-module-lirc_0.9.15-4.1_amd64.deb - optional sound
pulseaudio-module-raop-dbg_0.9.15-4.1_amd64.deb - optional debug
pulseaudio-module-raop_0.9.15-4.1_amd64.deb - optional sound
pulseaudio-module-x11-dbg_0.9.15-4.1_amd64.deb - extra debug
pulseaudio-module-x11_0.9.15-4.1_amd64.deb - optional
[Pkg-pulseaudio-devel] Accepted pulseaudio 0.9.15-4.1 (source amd64)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 24 Jul 2009 18:02:24 +0200
Source: pulseaudio
Binary: pulseaudio pulseaudio-dbg pulseaudio-utils pulseaudio-utils-dbg
 pulseaudio-esound-compat pulseaudio-esound-compat-dbg
 pulseaudio-module-zeroconf pulseaudio-module-zeroconf-dbg
 pulseaudio-module-hal pulseaudio-module-hal-dbg
 pulseaudio-module-jack pulseaudio-module-jack-dbg
 pulseaudio-module-lirc pulseaudio-module-lirc-dbg
 pulseaudio-module-gconf pulseaudio-module-gconf-dbg
 pulseaudio-module-raop pulseaudio-module-raop-dbg
 pulseaudio-module-bluetooth pulseaudio-module-bluetooth-dbg
 pulseaudio-module-x11 pulseaudio-module-x11-dbg
 libpulse0 libpulse0-dbg libpulse-mainloop-glib0 libpulse-mainloop-glib0-dbg
 libpulse-browse0 libpulse-browse0-dbg libpulse-dev
Architecture: source amd64
Version: 0.9.15-4.1
Distribution: unstable
Urgency: high
Maintainer: Pulseaudio maintenance team pkg-pulseaudio-devel@lists.alioth.debian.org
Changed-By: Nico Golde n...@debian.org
Description:
 libpulse-browse0 - PulseAudio client libraries (zeroconf support)
 libpulse-browse0-dbg - PulseAudio client libraries (zeroconf support) debugging symbols
 libpulse-dev - PulseAudio client development headers and libraries
 libpulse-mainloop-glib0 - PulseAudio client libraries (glib support)
 libpulse-mainloop-glib0-dbg - PulseAudio client libraries (glib support) debugging symbols
 libpulse0 - PulseAudio client libraries
 libpulse0-dbg - PulseAudio client libraries detached debugging symbols
 pulseaudio - PulseAudio sound server
 pulseaudio-dbg - PulseAudio sound server detached debugging symbols
 pulseaudio-esound-compat - PulseAudio ESD compatibility layer
 pulseaudio-esound-compat-dbg - PulseAudio ESD compatibility layer debugging symbols
 pulseaudio-module-bluetooth - Bluetooth module for PulseAudio sound server
 pulseaudio-module-bluetooth-dbg - Bluetooth module for PulseAudio sound server
 pulseaudio-module-gconf - GConf module for PulseAudio sound server
 pulseaudio-module-gconf-dbg - GConf module for PulseAudio sound server debugging symbols
 pulseaudio-module-hal - HAL device detection module for PulseAudio sound server
 pulseaudio-module-hal-dbg - HAL module for PulseAudio sound server debugging symbols
 pulseaudio-module-jack - jackd modules for PulseAudio sound server
 pulseaudio-module-jack-dbg - jackd modules for PulseAudio sound server debugging symbols
 pulseaudio-module-lirc - lirc module for PulseAudio sound server
 pulseaudio-module-lirc-dbg - lirc module for PulseAudio sound server debugging symbols
 pulseaudio-module-raop - RAOP module for PulseAudio sound server
 pulseaudio-module-raop-dbg - RAOP module for PulseAudio sound server
 pulseaudio-module-x11 - X11 module for PulseAudio sound server
 pulseaudio-module-x11-dbg - X11 module for PulseAudio sound server debugging symbols
 pulseaudio-module-zeroconf - Zeroconf module for PulseAudio sound server
 pulseaudio-module-zeroconf-dbg - Zeroconf module for PulseAudio sound server debugging symbols
 pulseaudio-utils - Command line tools for the PulseAudio sound server
 pulseaudio-utils-dbg - PulseAudio command line tools detached debugging symbols
Closes: 537351
Changes:
 pulseaudio (0.9.15-4.1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix race condition when reading /proc/self/exe and reloading the binary
     that leads to arbitrary code execution as pulseaudio is suid root
     + Use LDFLAGS to preload DSOs
     + regenerate autofoo (CVE-2009-1894; Closes: #537351).
[Pkg-pulseaudio-devel] Bug#537351: marked as done (pulsaudio: CVE-2009-1894 race allows privilege escalation to root)
Your message dated Fri, 24 Jul 2009 16:32:45 +
with message-id e1munhn-00012q...@ries.debian.org
and subject line Bug#537351: fixed in pulseaudio 0.9.15-4.1
has caused the Debian Bug report #537351,
regarding pulsaudio: CVE-2009-1894 race allows privilege escalation to root
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
537351: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537351
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

---BeginMessage---
Source: pulseaudio
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for pulseaudio.

CVE-2009-1894[0]:
| Race condition
|
| If the PulseAudio binary is started on Linux systems, it checks if the
| LD_BIND_NOW environment variable is set. If this is not the case, PulseAudio
| will set the variable and it will reload itself. It tries to determine its path
| name by looking at the /proc/self/exe symbolic link. This symbolic link will
| point to the full path name of the current process.
|
| int main(int argc, char *argv[]) {
| [...]
| #if defined(__linux__) && defined(__OPTIMIZE__)
|     /*
|        Disable lazy relocations to make usage of external libraries
|        more deterministic for our RT threads. We abuse __OPTIMIZE__ as
|        a check whether we are a debug build or not.
|     */
|
|     if (!getenv("LD_BIND_NOW")) {
|         char *rp;
|
|         /* We have to execute ourselves, because the libc caches the
|          * value of $LD_BIND_NOW on initialization. */
|
|         pa_set_env("LD_BIND_NOW", "1");
|         pa_assert_se(rp = pa_readlink("/proc/self/exe"));
|         pa_assert_se(execv(rp, argv) == 0);
|     }
| #endif
|
| Normally, /proc/self/exe will point to something like /usr/bin/pulseaudio.
| However by using hard links, it is possible to cause /proc/self/exe to point to
| a different location.
|
| $ cd /tmp
| $ ls -la /proc/self/exe
| lrwxrwxrwx 1 yorick yorick 0 2009-06-09 16:31 /proc/self/exe -> /bin/ls
| $ ln `which ls` ls
| $ ./ls -la /proc/self/exe
| lrwxrwxrwx 1 yorick yorick 0 2009-06-09 16:31 /proc/self/exe -> /tmp/ls
|
| In addition, if a hard link is created, the SUID bit is preserved.
|
| $ ln `which pulseaudio` pulseaudio
| $ ls -la pulseaudio
| -rwsr-xr-x 2 root root 71616 2009-04-09 02:12 pulseaudio
|
| A race condition exists in the reload mechanism of PulseAudio. An attacker
| can exploit this issue by creating a hard link pointing to the PulseAudio
| binary. After this it can execute this binary through the hard link. At this
| moment /proc/self/exe will point to the hard link. Before PulseAudio is
| restarted, the attacker can replace the hard link with a different (executable)
| file or (symbolic) link. If PulseAudio is restarted, it will use a path name
| that at this moment points to a different file, for example a command shell.
| Root privileges are not dropped when PulseAudio is reloading, thus allowing a
| local attacker to gain root privileges.
|
| Please note, this attack is only possible if the attacker can create hard
| links on the same hard disk partition on which PulseAudio is installed (i.e.
| /usr/bin and /tmp reside on the same partition).

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
Patch available at
http://git.0pointer.de/?p=pulseaudio.git;a=commitdiff_plain;h=84200b423ebfa7e2dad9b1b65f64eac7bf3d2114;hp=ff252cb48d9bd827d262eb2633fecaff47c6fe5c

For further information see:

[0] http://www.akitasecurity.nl/advisory.php?id=AK20090602
    http://security-tracker.debian.net/tracker/CVE-2009-1894

--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.
---End Message---

---BeginMessage---
Source: pulseaudio
Source-Version: 0.9.15-4.1

We believe that the bug you reported is fixed in the latest version of
pulseaudio, which is due to be installed in the Debian FTP archive:

libpulse-browse0-dbg_0.9.15-4.1_amd64.deb to pool/main/p/pulseaudio/libpulse-browse0-dbg_0.9.15-4.1_amd64.deb
libpulse-browse0_0.9.15-4.1_amd64.deb to pool/main/p/pulseaudio/libpulse-browse0_0.9.15-4.1_amd64.deb
libpulse-dev_0.9.15-4.1_amd64.deb to pool/main/p/pulseaudio/libpulse-dev_0.9.15-4.1_amd64.deb
libpulse-mainloop-glib0-dbg_0.9.15-4.1_amd64.deb to pool/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.15-4.1_amd64.deb
libpulse-mainloop-glib0_0.9.15-4.1_amd64.deb to pool/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.15-4.1_amd64.deb
libpulse0-dbg_0.9.15-4.1_amd64.deb
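
An added example, not code from the advisory, from PulseAudio or from the Debian upload: if a self re-exec like the one quoted in the bug report is kept at all, executing through a descriptor opened on /proc/self/exe avoids resolving a path name a second time. The upload on this page took a different route (its changelog reads "Use LDFLAGS to preload DSOs"); the function names below are hypothetical.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* fexecve(), O_CLOEXEC */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

extern char **environ;

/* Hypothetical helper: open the image this process is running.
 * open() on /proc/self/exe goes to the executing file itself; it does not
 * look the original path name up again. */
int open_self_image(void) {
    return open("/proc/self/exe", O_RDONLY | O_CLOEXEC);
}

/* Diagnostic only: 1 if path names the same file as fd right now,
 * 0 if it names another file, -1 on error. */
int fd_matches_path(int fd, const char *path) {
    struct stat a, b;
    if (fstat(fd, &a) != 0 || stat(path, &b) != 0)
        return -1;
    return a.st_dev == b.st_dev && a.st_ino == b.st_ino;
}

/* Re-execute with LD_BIND_NOW=1 through the descriptor, so no path string
 * is resolved between "who am I" and exec. Returns 0 if the variable is
 * already set, -1 on failure; does not return when the exec succeeds. */
int reexec_bind_now(char *const argv[]) {
    if (getenv("LD_BIND_NOW"))
        return 0;
    int fd = open_self_image();
    if (fd < 0 || setenv("LD_BIND_NOW", "1", 1) != 0)
        return -1;
    fexecve(fd, argv, environ);
    return -1;                 /* reached only if fexecve() failed */
}

int main(int argc, char *argv[]) {
    (void)argc;
    if (reexec_bind_now(argv) != 0) {
        perror("re-exec");
        return 1;
    }
    puts("running with LD_BIND_NOW=1");
    return 0;
}
```

fd_matches_path() is for logging or assertions only; checking a path and then calling execv() on it would reintroduce the same window.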
[Pkg-pulseaudio-devel] Bug#537351: Bug#537351: intent to NMU
On Fri, Jul 24, 2009 at 06:23:40PM +0200, Nico Golde wrote:
Hi,
I intend to upload a 0-day NMU for this bug.

Patch on http://people.debian.org/~nion/nmu-diff/pulseaudio-0.9.15-4_0.9.15-4.1.patch

Thanks! I'll pull this into the packaging repository asap

  Sjoerd
--
Ma Bell is a mean mother!