Package name
acpid
Date
2009-12-26
Advisory ID
MDVSA-2009:342
Affected versions
CS4.0 x86_64, CS4.0 i586

Problem description

Multiple vulnerabilities have been found and corrected in acpid:

A certain Red Hat patch for acpid 1.0.4 effectively triggers a call
to the open function with insufficient arguments, which might allow
local users to leverage weak permissions on /var/log/acpid, and obtain
sensitive information by reading this file, cause a denial of service
by overwriting this file, or gain privileges by executing this file
(CVE-2009-4033).

acpid 1.0.4 sets an unrestrictive umask, which might allow local users
to leverage weak permissions on /var/log/acpid, and obtain sensitive
information by reading this file or cause a denial of service by
overwriting this file, a different vulnerability than CVE-2009-4033
(CVE-2009-4235).

This update provides a solution to these vulnerabilities.
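
The following added example (not code from acpid, the Red Hat patch, or this update) shows the open() pattern behind CVE-2009-4033 next to a form whose result is independent of the process umask, the concern in CVE-2009-4235. The 0640 policy, the function names and the temporary demo path are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

#define LOG_MODE 0640 /* assumed policy: owner rw, group r, others none */

/* Pattern behind CVE-2009-4033 (shown only, not compiled):
 *     open(path, O_WRONLY | O_CREAT | O_APPEND);
 * With O_CREAT and no mode argument the permission bits are indeterminate.
 * Hardened form: explicit mode, then fchmod() so the result does not depend
 * on the process umask and a file left with weak permissions is repaired. */
int open_log_hardened(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_APPEND, LOG_MODE);
    if (fd >= 0 && fchmod(fd, LOG_MODE) != 0) {
        close(fd);
        fd = -1;
    }
    return fd;
}

/* Demo on a constructed temp path: optionally pre-create the log with a weak
 * mode, open it the hardened way under `mask`, return the final mode bits. */
int demo_mode(mode_t mask, int stale_mode)
{
    char dir[] = "/tmp/acpid-demo-XXXXXX", path[64];
    struct stat st;
    if (!mkdtemp(dir))
        return -1;
    snprintf(path, sizeof path, "%s/acpid.log", dir);
    mode_t old = umask(mask);
    if (stale_mode >= 0) { /* simulate a log left behind with weak permissions */
        int stale = open(path, O_WRONLY | O_CREAT, (mode_t)stale_mode);
        if (stale >= 0) close(stale);
    }
    int fd = open_log_hardened(path);
    umask(old);
    int mode = (fd >= 0 && fstat(fd, &st) == 0) ? (int)(st.st_mode & 07777) : -1;
    if (fd >= 0)
        close(fd);
    unlink(path);
    rmdir(dir);
    return mode;
}

int main(void) { printf("%04o\n", (unsigned)demo_mode(0, 0777)); return 0; }
```
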

Updated packages

CS4.0 x86_64

 7ab456d04757a0aba4011e1f818b50ad  corporate/4.0/x86_64/acpid-1.0.4-6.4.20060mlcs4.x86_64.rpm 
 0b8535180ecdae336003fcc220488716  corporate/4.0/SRPMS/acpid-1.0.4-6.4.20060mlcs4.src.rpm

CS4.0 i586

 cc578555f4de1362cd8ea344a8b6a184  corporate/4.0/i586/acpid-1.0.4-6.4.20060mlcs4.i586.rpm 
 0b8535180ecdae336003fcc220488716  corporate/4.0/SRPMS/acpid-1.0.4-6.4.20060mlcs4.src.rpm

References