MDVSA-2012:137
- Package name
- acpid
- Date
- 2012-08-17
- Advisory ID
- MDVSA-2012:137
- Affected versions
- 2011 i586 , 2011 x86_64
Problem description
Multiple vulnerabilities has been discovered and corrected in acpid:
Oliver-Tobias Ripka discovered that an ACPI script incorrectly handled
power button events. A local attacker could use this to execute
arbitrary code, and possibly escalate privileges (CVE-2011-2777).
Helmut Grohne and Michael Biebl discovered that ACPI scripts were
executed with a permissive file mode creation mask (umask). A local
attacker could read files and modify directories created by ACPI
scripts that did not set a strict umask (CVE-2011-4578).
The updated packages have been patched to correct these issues.
Updated packages
2011 i586
23d5343c86fea6a72a789a3f29e4f733 2011/i586/acpid-2.0.10-1.1-mdv2011.0.i586.rpm 3a78db800ec8c3063d834f618a39357e 2011/SRPMS/acpid-2.0.10-1.1.src.rpm
2011 x86_64
a8e6080d229eae2c7ce068a240f902c6 2011/x86_64/acpid-2.0.10-1.1-mdv2011.0.x86_64.rpm 3a78db800ec8c3063d834f618a39357e 2011/SRPMS/acpid-2.0.10-1.1.src.rpm