Bugzilla – Bug 881524
VUL-1: CVE-2014-3970: pulseaudio: denial of service in module-rtp-recv
Last modified: 2014-09-01 10:02:05 UTC
CVE-2014-3970

PulseAudio suffers from a remote denial of service if the module-rtp-recv module is loaded. A remote attacker could crash this instance of PulseAudio by sending an empty UDP packet to the multicast address that module-rtp-recv is listening on.

A potential patch has been submitted upstream but has not yet been accepted.
http://lists.freedesktop.org/archives/pulseaudio-discuss/2014-May/020741.html

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1104835
http://lists.freedesktop.org/archives/pulseaudio-discuss/2014-May/020740.html
http://openwall.com/lists/oss-security/2014/06/04/8
Affected packages: SLE-11-SP3: pulseaudio
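The report above does not show the module's code, so the following is an added example, not PulseAudio's or SUSE's code: a receive-side check in which an empty or truncated RTP datagram is dropped instead of being processed. The function names, status codes and sample bytes are assumptions constructed for illustration; the 12-byte fixed header and version 2 are from RFC 3550.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RTP_FIXED_HEADER_LEN 12u /* RFC 3550 fixed header */
enum rtp_status { RTP_OK, RTP_DROP_EMPTY, RTP_DROP_SHORT, RTP_DROP_VERSION };

/* Hypothetical helper (not PulseAudio's API): validate one datagram before any
 * buffer is sized from it. Every failure means "drop the packet and keep
 * listening", never abort. buf may be NULL when len is 0. */
enum rtp_status rtp_validate(const uint8_t *buf, size_t len,
                             size_t *payload_off, size_t *payload_len)
{
    if (len == 0) return RTP_DROP_EMPTY;               /* the empty-datagram case */
    if (len < RTP_FIXED_HEADER_LEN) return RTP_DROP_SHORT;
    if ((buf[0] >> 6) != 2) return RTP_DROP_VERSION;   /* RTP version must be 2 */
    size_t off = RTP_FIXED_HEADER_LEN + 4u * (buf[0] & 0x0fu); /* skip CSRC list */
    if (off > len) return RTP_DROP_SHORT;
    if (buf[0] & 0x10u) {                              /* header extension present */
        if (len - off < 4) return RTP_DROP_SHORT;
        size_t ext = 4u * (((size_t)buf[off + 2] << 8) | buf[off + 3]);
        off += 4;
        if (ext > len - off) return RTP_DROP_SHORT;
        off += ext;
    }
    if (off == len) return RTP_DROP_SHORT;             /* header only, no audio */
    *payload_off = off;
    *payload_len = len - off;
    return RTP_OK;
}

/* Constructed samples, not captured traffic. */
static const uint8_t sample_ok[16] = { 0x80, 0x0a, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 2, 3, 4 };
static const uint8_t sample_csrc[12] = { 0x8f, 0x0a }; /* claims 15 CSRCs, carries none */

/* Payload length of an accepted datagram, 0 if it was dropped. */
size_t rtp_payload_len(const uint8_t *buf, size_t len)
{
    size_t off = 0, n = 0;
    return rtp_validate(buf, len, &off, &n) == RTP_OK ? n : 0;
}

int main(void)
{
    printf("empty: status %d\n", rtp_validate(NULL, 0, NULL, NULL));
    printf("valid: %zu payload bytes\n", rtp_payload_len(sample_ok, sizeof sample_ok));
    return 0;
}
```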
bugbot adjusting priority
submitted. SUSE:SLE-11-SP2:Update:Test - #41448 SUSE:SLE-12:GA - #41449 openSUSE_12.3 - #241566 openSUSE_13.1 - #241567
An update workflow for this issue was started. This issue was rated as low. Please submit fixed packages until 2014-08-21. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/58407
Affected packages: SLE-11-SP2: pulseaudio SLE-11-SP3: pulseaudio
we would also need a submission for SUSE:SLE-11-SP1:Update:Test pulseaudio
added submission for SUSE:SLE-11-SP1:Update:Test - #42337
SUSE-SU-2014:1001-1: An update that fixes one vulnerability is now available. Category: security (low) Bug References: 881524 CVE References: CVE-2014-3970 Sources used: SUSE Linux Enterprise Software Development Kit 11 SP3 (src): pulseaudio-0.9.23-0.15.1 SUSE Linux Enterprise Server 11 SP3 for VMware (src): pulseaudio-0.9.23-0.15.1 SUSE Linux Enterprise Server 11 SP3 (src): pulseaudio-0.9.23-0.15.1 SUSE Linux Enterprise Desktop 11 SP3 (src): pulseaudio-0.9.23-0.15.1
SUSE-SU-2014:0999-1: An update that fixes one vulnerability is now available. Category: security (low) Bug References: 881524 CVE References: CVE-2014-3970 Sources used: SUSE Linux Enterprise Software Development Kit 11 SP3 (src): pulseaudio-0.9.23-0.15.1 SUSE Linux Enterprise Server 11 SP3 for VMware (src): pulseaudio-0.9.23-0.15.1 SUSE Linux Enterprise Server 11 SP3 (src): pulseaudio-0.9.23-0.15.1 SUSE Linux Enterprise Desktop 11 SP3 (src): pulseaudio-0.9.23-0.15.1
SUSE-SU-2014:1003-1: An update that fixes one vulnerability is now available. Category: security (low) Bug References: 881524 CVE References: CVE-2014-3970 Sources used: SUSE Linux Enterprise Software Development Kit 11 SP3 (src): pulseaudio-0.9.23-0.15.1 SUSE Linux Enterprise Server 11 SP3 for VMware (src): pulseaudio-0.9.23-0.15.1 SUSE Linux Enterprise Server 11 SP3 (src): pulseaudio-0.9.23-0.15.1 SUSE Linux Enterprise Desktop 11 SP3 (src): pulseaudio-0.9.23-0.15.1
SUSE-SU-2014:1007-1: An update that fixes one vulnerability is now available. Category: security (low) Bug References: 881524 CVE References: CVE-2014-3970 Sources used: SUSE Linux Enterprise Software Development Kit 11 SP3 (src): pulseaudio-0.9.23-0.15.1 SUSE Linux Enterprise Server 11 SP3 for VMware (src): pulseaudio-0.9.23-0.15.1 SUSE Linux Enterprise Server 11 SP3 (src): pulseaudio-0.9.23-0.15.1 SUSE Linux Enterprise Desktop 11 SP3 (src): pulseaudio-0.9.23-0.15.1
SUSE-SU-2014:1013-1: An update that fixes one vulnerability is now available. Category: security (low) Bug References: 881524 CVE References: CVE-2014-3970 Sources used: SUSE Linux Enterprise Software Development Kit 11 SP3 (src): pulseaudio-0.9.23-0.15.1 SUSE Linux Enterprise Server 11 SP3 for VMware (src): pulseaudio-0.9.23-0.15.1 SUSE Linux Enterprise Server 11 SP3 (src): pulseaudio-0.9.23-0.15.1 SUSE Linux Enterprise Desktop 11 SP3 (src): pulseaudio-0.9.23-0.15.1
released