Detections
Analytics
MDVA-2008:148 : pulseaudio
high Nessus Plugin ID 37523
Synopsis
The remote Mandriva host is missing one or more security-related patches.Description
Some issues relating to thread cancellation have been discovered in the pulseaudio package shipped with Mandriva Linux 2009.0.These issues could result in the crash of an application acting as a pulseaudio client. This condition is greatly exacerbated when the client is unable to connect to the pulseaudio server. Due to the fact that libcanberra is used to play event sounds in GTK apps, this problem could present itself when running GTK applications as root which, under some circumstances, was unable to connect to the user's pulseaudio daemon.
The problems were traced to the use of libasycns in pulseaudio and this updated package is compiled without support for this library (it is not essential to pulseaudio operation).
In addition, the version of pulseaudio shipped in Mandriva Linux 2009.0 used wallclock time to determine when a misbehaving daemon was overloading the CPU (under which circumstances the daemon terminated). This can cause problems when the time is changed manually or when daylight savings kick in. This package also contains an upstream fix to use monotonic time which does not suffer from this limitation.
Solution
Update the affected package(s).See Also
http://www.mandriva.com/security/advisories?name=MDVA-2008:148
Plugin Details
Severity: High
ID: 37523
File Name: mandriva_MDVA-2008-148.nasl
Version: 1.11
Type: local
Family: Mandriva Local Security Checks
Published: 4/23/2009
Updated: 1/6/2021
Supported Sensors: Nessus
Vulnerability Information
CPE: cpe:/o:mandriva:linux
Required KB Items: Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 10/17/2008