** Changed in: pulseaudio (Ubuntu Groovy) Importance: High => Medium ** Changed in: pulseaudio (Ubuntu Focal) Importance: Undecided => Medium
** Changed in: pulseaudio (Ubuntu Eoan) Importance: Undecided => Medium ** Changed in: pulseaudio (Ubuntu Bionic) Importance: Undecided => Medium ** Changed in: pulseaudio (Ubuntu Xenial) Importance: Undecided => Medium ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pulseaudio in Ubuntu. https://bugs.launchpad.net/bugs/1877102 Title: snap policy module can be unloaded, circumventing audio recording restrictions for snaps Status in pulseaudio package in Ubuntu: Triaged Status in pulseaudio source package in Xenial: Fix Released Status in pulseaudio source package in Bionic: Fix Released Status in pulseaudio source package in Eoan: Fix Released Status in pulseaudio source package in Focal: Fix Released Status in pulseaudio source package in Groovy: Triaged Bug description: This collates information about a security vulnerability discussed in email. It has been assigned CVE-2020-11931. Ubuntu's PulseAudio package is shipped with a custom "module-snap- policy" module intended to restrict snap confined clients from recording audio unless they have the "audio-record" plug connected. However, it does not restrict access to the "PA_COMMAND_UNLOAD_MODULE" command. This allows a snap that has only plugged "audio-playback" to request that PulseAudio unload the security policy module, which in turn makes it possible to record audio. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1877102/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp