Novell Home

CVE-2009-1299

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2009-1299 at MITRE

Description

The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file.

NVD CVSS v2 Base Score: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)

Novell/SUSE information

Novell Bugzilla entry: 584938

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 11.0
  • pulseaudio-debuginfo >= 0.9.10-26.7
  • pulseaudio-debugsource >= 0.9.10-26.7
openSUSE 11.0
  • libpulse-browse0 >= 0.9.10-26.7
  • libpulse-devel >= 0.9.10-26.7
  • libpulse-mainloop-glib0 >= 0.9.10-26.7
  • libpulse0 >= 0.9.10-26.7
  • libpulse0-32bit >= 0.9.10-26.7
  • libpulse0-64bit >= 0.9.10-26.7
  • libpulsecore4 >= 0.9.10-26.7
  • pulseaudio >= 0.9.10-26.7
  • pulseaudio-esound-compat >= 0.9.10-26.7
  • pulseaudio-module-bluetooth >= 0.9.10-26.7
  • pulseaudio-module-gconf >= 0.9.10-26.7
  • pulseaudio-module-jack >= 0.9.10-26.7
  • pulseaudio-module-lirc >= 0.9.10-26.7
  • pulseaudio-module-x11 >= 0.9.10-26.7
  • pulseaudio-module-zeroconf >= 0.9.10-26.7
  • pulseaudio-utils >= 0.9.10-26.7
openSUSE 11.1
  • pulseaudio-debuginfo >= 0.9.14-2.3.1
  • pulseaudio-debugsource >= 0.9.14-2.3.1
openSUSE 11.1
  • libpulse-browse0 >= 0.9.14-2.3.1
  • libpulse-devel >= 0.9.14-2.3.1
  • libpulse-mainloop-glib0 >= 0.9.14-2.3.1
  • libpulse0 >= 0.9.14-2.3.1
  • libpulse0-32bit >= 0.9.14-2.3.1
  • pulseaudio >= 0.9.14-2.3.1
  • pulseaudio-esound-compat >= 0.9.14-2.3.1
  • pulseaudio-lang >= 0.9.14-2.3.1
  • pulseaudio-module-bluetooth >= 0.9.14-2.3.1
  • pulseaudio-module-gconf >= 0.9.14-2.3.1
  • pulseaudio-module-jack >= 0.9.14-2.3.1
  • pulseaudio-module-lirc >= 0.9.14-2.3.1
  • pulseaudio-module-x11 >= 0.9.14-2.3.1
  • pulseaudio-module-zeroconf >= 0.9.14-2.3.1
  • pulseaudio-utils >= 0.9.14-2.3.1
openSUSE 11.2
  • libpulse-browse0-debuginfo >= 0.9.21-1.2.1
  • libpulse-mainloop-glib0-debuginfo >= 0.9.21-1.2.1
  • libpulse0-debuginfo >= 0.9.21-1.2.1
  • libpulse0-debuginfo-32bit >= 0.9.21-1.2.1
  • pulseaudio-debuginfo >= 0.9.21-1.2.1
  • pulseaudio-debugsource >= 0.9.21-1.2.1
  • pulseaudio-module-bluetooth-debuginfo >= 0.9.21-1.2.1
  • pulseaudio-module-gconf-debuginfo >= 0.9.21-1.2.1
  • pulseaudio-module-jack-debuginfo >= 0.9.21-1.2.1
  • pulseaudio-module-lirc-debuginfo >= 0.9.21-1.2.1
  • pulseaudio-module-x11-debuginfo >= 0.9.21-1.2.1
  • pulseaudio-module-zeroconf-debuginfo >= 0.9.21-1.2.1
  • pulseaudio-utils-debuginfo >= 0.9.21-1.2.1
openSUSE 11.2
  • libpulse-browse0 >= 0.9.21-1.2.1
  • libpulse-devel >= 0.9.21-1.2.1
  • libpulse-mainloop-glib0 >= 0.9.21-1.2.1
  • libpulse0 >= 0.9.21-1.2.1
  • libpulse0-32bit >= 0.9.21-1.2.1
  • pulseaudio >= 0.9.21-1.2.1
  • pulseaudio-esound-compat >= 0.9.21-1.2.1
  • pulseaudio-gdm-hooks >= 0.9.21-1.2.1
  • pulseaudio-lang >= 0.9.21-1.2.1
  • pulseaudio-module-bluetooth >= 0.9.21-1.2.1
  • pulseaudio-module-gconf >= 0.9.21-1.2.1
  • pulseaudio-module-jack >= 0.9.21-1.2.1
  • pulseaudio-module-lirc >= 0.9.21-1.2.1
  • pulseaudio-module-x11 >= 0.9.21-1.2.1
  • pulseaudio-module-zeroconf >= 0.9.21-1.2.1
  • pulseaudio-utils >= 0.9.21-1.2.1

© 2014 Novell