Mandriva: Subject: [Security Announce] [ MDVA-2008:148 ] pulseaudio

10-17-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

Mandriva: Subject: [Security Announce] [ MDVA-2008:148 ] pulseaudio

LinuxSecurity.com: Some issues relating to thread cancellation have been discovered in the pulseaudio package shipped with Mandriva Linux 2009.0. These issues could result in the crash of an application acting as a pulseaudio client. This condition is greatly exacerbated when the client is unable to connect to the pulseaudio server. Due to the fact that libcanberra is used to play event sounds in GTK apps, this problem could present itself when running GTK applications as root which, under some circumstances, was unable to connect to the user's pulseaudio daemon.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

pulse-client.conf(5) File Formats Manual pulse-client.conf(5) NAME
pulse-client.conf - PulseAudio client configuration file SYNOPSIS
~/.config/pulse/client.conf /etc/pulse/client.conf DESCRIPTION
The PulseAudio client library reads configuration directives from a file ~/.config/pulse/client.conf on startup and when that file doesn't exist from /etc/pulse/client.conf. The configuration file is a simple collection of variable declarations. If the configuration file parser encounters either ; or # it ignores the rest of the line until its end. For the settings that take a boolean argument the values true, yes, on and 1 are equivalent, resp. false, no, off, 0. DIRECTIVES
default-sink= The default sink to connect to. If specified overwrites the setting in the daemon. The environment variable $PULSE_SINK how- ever takes precedence. default-source= The default source to connect to. If specified overwrites the setting in the daemon. The environment variable $PULSE_SOURCE however takes precedence. default-server= The default sever to connect to. The environment variable $PULSE_SERVER takes precedence. autospawn= Autospawn a PulseAudio daemon when needed. Takes a boolean value, defaults to yes. daemon-binary= Path to the PulseAudio daemon to run when autospawning. Defaults to a path configured at compile time. extra-arguments= Extra arguments to pass to the PulseAudio daemon when autospawning. Defaults to --log-target=syslog cookie-file= Specify the path to the PulseAudio authentication cookie. Defaults to ~/.config/pulse/cookie. enable-shm= Enable data transfer via POSIX shared memory. Takes a boolean argument, defaults to yes. shm-size-bytes= Sets the shared memory segment size for clients, in bytes. If left unspecified or is set to 0 it will default to some sys- tem-specific default, usually 64 MiB. Please note that usually there is no need to change this value, unless you are running an OS kernel that does not do memory overcommit. auto-connect-localhost= Automatically try to connect to localhost via IP. Enabling this is a potential security hole since connections are only authenticated one-way and a rogue server might hence fool a client into sending it its private (e.g. VoIP call) data. This was enabled by default on PulseAudio version 0.9.21 and older. Defaults to no. auto-connect-display= Automatically try to connect to the host X11's $DISPLAY variable is set to. The same security issues apply as to auto-connect-localhost=. Defaults to no. AUTHORS
The PulseAudio Developers <pulseaudio-discuss (at) lists (dot) freedesktop (dot) org>; PulseAudio is available from http://pulseaudio.org/ SEE ALSO
pulse-daemon.conf(5), pulseaudio(1) Manuals User pulse-client.conf(5)

Security Advisories (RSS)

Mandriva: Subject: [Security Announce] [ MDVA-2008:148 ] pulseaudio

LEARN ABOUT CENTOS

pulse-client.conf