2015-02-14
ALT-BU-2015-2304-1
Branch sisyphus update bulletin.
Package pulseaudio updated to version 6.0-alt1 for branch sisyphus in task 140351.
Closed vulnerabilities
Published: 2014-06-11
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-3970
The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet.
Severity: LOW (2.9)
References:
- http://advisories.mageia.org/MGASA-2014-0440.html
- http://advisories.mageia.org/MGASA-2014-0440.html
- [pulseaudio-discuss] 20140531 Remotely triggerable crash in module-rtp-recv
- [pulseaudio-discuss] 20140531 Remotely triggerable crash in module-rtp-recv
- [oss-security] 20140604 CVE request: PulseAudio crash due to empty UDP packet
- [oss-security] 20140604 CVE request: PulseAudio crash due to empty UDP packet
- [oss-security] 20140604 Re: CVE request: PulseAudio crash due to empty UDP packet
- [oss-security] 20140604 Re: CVE request: PulseAudio crash due to empty UDP packet
- 60624
- 60624
- MDVSA-2015:134
- MDVSA-2015:134
- 67814
- 67814