USN-4355-1: PulseAudio vulnerability
PulseAudio in Ubuntu contains additional functionality to mediate audio recording for snap packages and it was discovered that this functionality did not mediate PulseAudio module unloading. An attacker-controlled snap with only the audio-playback interface connected could exploit this to bypass access controls and record audio.
Affected Software
Event History
Frequently Asked Questions
What is the severity of USN-4355-1?
The severity of USN-4355-1 is considered high due to the potential for unauthorized audio recording by an attacker-controlled snap package.
How do I fix USN-4355-1?
To fix USN-4355-1, upgrade PulseAudio to version 1:13.99.1-1ubuntu3.2 or later for Ubuntu 20.04, 1:13.0-1ubuntu1.2 or later for Ubuntu 19.10, 1:11.1-1ubuntu7.7 or later for Ubuntu 18.04, or 1:8.0-0ubuntu3.12 or later for Ubuntu 16.04.
What versions of PulseAudio are affected by USN-4355-1?
Affected versions include PulseAudio 1:13.99.1-1ubuntu3.2 or earlier for Ubuntu 20.04, 1:13.0-1ubuntu1.2 or earlier for Ubuntu 19.10, 1:11.1-1ubuntu7.7 or earlier for Ubuntu 18.04, and 1:8.0-0ubuntu3.12 or earlier for Ubuntu 16.04.
What type of vulnerability is USN-4355-1?
USN-4355-1 is a security vulnerability related to improper audio recording mediation in PulseAudio for snap packages.
Who is impacted by USN-4355-1?
Users of affected versions of PulseAudio within Ubuntu 20.04, 19.10, 18.04, and 16.04 are impacted by USN-4355-1.