DSA-1838-1 pulseaudio -- privilege escalationID: oval:org.secpod.oval:def:600426 | Date: (C)2011-05-13 (M)2023-02-20 |
Class: PATCH | Family: unix |
Tavis Ormandy and Julien Tinnes discovered that the pulseaudio daemon does not drop privileges before re-executing itself, enabling local attackers to increase their privileges. The old stable distribution is not affected by this issue. For the stable distribution , this problem has been fixed in version 0.9.10-3+lenny1. For the unstable distribution , this problem will be fixed soon. We recommend that you upgrade your pulseaudio packages.