Package name
acpid
Date
2012-08-17
Advisory ID
MDVSA-2012:138
Affected versions
MES5 i586 , MES5 x86_64

Problem description

A vulnerability has been discovered and corrected in acpid:

Helmut Grohne and Michael Biebl discovered that ACPI scripts were
executed with a permissive file mode creation mask (umask). A local
attacker could read files and modify directories created by ACPI
scripts that did not set a strict umask (CVE-2011-4578).

The updated packages have been patched to correct this issue.

Updated packages

MES5 i586

 85f3ca54e7b9425908750055505ba976  mes5/i586/acpid-1.0.6-6.4mnb2.i586.rpm 
 5eec7f7fc2c232aee6ce97f84666422a  mes5/SRPMS/acpid-1.0.6-6.4mnb2.src.rpm

MES5 x86_64

 6a467035f7b3faa0067c5be0023b32a7  mes5/x86_64/acpid-1.0.6-6.4mnb2.x86_64.rpm 
 5eec7f7fc2c232aee6ce97f84666422a  mes5/SRPMS/acpid-1.0.6-6.4mnb2.src.rpm

References