[Touch-packages] [Bug 1877102] Re: snap policy module can be unloaded, circumventing audio recording restrictions for snaps

[Jamie Strandboge]

Uploaded
https://launchpad.net/ubuntu/+source/pulseaudio/1:13.99.1-1ubuntu5 to
groovy based on 1:13.99.1-1ubuntu4 from groovy-proposed.

** Changed in: pulseaudio (Ubuntu Groovy)
       Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1877102

Title:
  snap policy module can be unloaded, circumventing audio recording
  restrictions for snaps

Status in pulseaudio package in Ubuntu:
  Fix Committed
Status in pulseaudio source package in Xenial:
  Fix Released
Status in pulseaudio source package in Bionic:
  Fix Released
Status in pulseaudio source package in Eoan:
  Fix Released
Status in pulseaudio source package in Focal:
  Fix Released
Status in pulseaudio source package in Groovy:
  Fix Committed

Bug description:
  This collates information about a security vulnerability discussed in
  email.  It has been assigned CVE-2020-11931.

  Ubuntu's PulseAudio package is shipped with a custom "module-snap-
  policy" module intended to restrict snap confined clients from
  recording audio unless they have the "audio-record" plug connected.
  However, it does not restrict access to the "PA_COMMAND_UNLOAD_MODULE"
  command.

  This allows a snap that has only plugged "audio-playback" to request
  that PulseAudio unload the security policy module, which in turn makes
  it possible to record audio.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1877102/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp