Branch sisyphus update bulletin.

Package pulseaudio updated to version 6.0-alt1 for branch sisyphus in task 140351.

Published: 2014-06-11
Modified: 2025-04-12

CVE-2014-3970

The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet.

Severity: LOW (2.9) Vector: AV:A/AC:M/Au:N/C:N/I:N/A:P

References:

http://advisories.mageia.org/MGASA-2014-0440.html
http://lists.freedesktop.org/archives/pulseaudio-discuss/2014-May/020740.html
http://seclists.org/oss-sec/2014/q2/429
http://seclists.org/oss-sec/2014/q2/437
http://secunia.com/advisories/60624
http://www.mandriva.com/security/advisories?name=MDVSA-2015:134
http://www.securityfocus.com/bid/67814
http://advisories.mageia.org/MGASA-2014-0440.html
http://lists.freedesktop.org/archives/pulseaudio-discuss/2014-May/020740.html
http://seclists.org/oss-sec/2014/q2/429
http://seclists.org/oss-sec/2014/q2/437
http://secunia.com/advisories/60624
http://www.mandriva.com/security/advisories?name=MDVSA-2015:134
http://www.securityfocus.com/bid/67814

Version: 2.1.2

Branch sisyphus update on 2015-02-14

ALT-BU-2015-2304-1

ALT-PU-2015-1161-1

Closed vulnerabilities

CVE-2014-3970