Paketname
acpid
Datum
2012-08-17
Advisory ID
MDVSA-2012:137
Betroffene Versionen
2011 i586 , 2011 x86_64

Problembeschreibung

Multiple vulnerabilities has been discovered and corrected in acpid:

Oliver-Tobias Ripka discovered that an ACPI script incorrectly handled
power button events. A local attacker could use this to execute
arbitrary code, and possibly escalate privileges (CVE-2011-2777).

Helmut Grohne and Michael Biebl discovered that ACPI scripts were
executed with a permissive file mode creation mask (umask). A local
attacker could read files and modify directories created by ACPI
scripts that did not set a strict umask (CVE-2011-4578).

The updated packages have been patched to correct these issues.

Aktualisierte Pakete

2011 i586

 23d5343c86fea6a72a789a3f29e4f733  2011/i586/acpid-2.0.10-1.1-mdv2011.0.i586.rpm 
 3a78db800ec8c3063d834f618a39357e  2011/SRPMS/acpid-2.0.10-1.1.src.rpm

2011 x86_64

 a8e6080d229eae2c7ce068a240f902c6  2011/x86_64/acpid-2.0.10-1.1-mdv2011.0.x86_64.rpm 
 3a78db800ec8c3063d834f618a39357e  2011/SRPMS/acpid-2.0.10-1.1.src.rpm

Referenzen