Support / Sécurité / Annonces de sécurité / Mandriva Enterprise Server 5 / MDVSA-2012:086

Nom du paquet: acpid
Date: 2012-05-31
Advisory ID: MDVSA-2012:086
Affected versions: MES5 i586 , MES5 x86_64 , 2010.1 i586 , 2010.1 x86_64

Problem description

A vulnerability has been discovered and corrected in acpid:

acpid.c in acpid before 2.0.9 does not properly handle a situation in
which a process has connected to acpid.socket but is not reading any
data, which allows local users to cause a denial of service (daemon
hang) via a crafted application that performs a connect system call
but no read system calls (CVE-2011-1159).

The updated packages have been patched to correct this issue.

Updated packages

MES5 i586

 a4c36c404bd3bff4a237ff311f3b2097  mes5/i586/acpid-1.0.6-6.3mnb2.i586.rpm 
 a66af7665f9a19c078ddcda8df99c3cf  mes5/SRPMS/acpid-1.0.6-6.3mnb2.src.rpm

MES5 x86_64

 b0f73a601200b450fd60ed8468fae652  mes5/x86_64/acpid-1.0.6-6.3mnb2.x86_64.rpm 
 a66af7665f9a19c078ddcda8df99c3cf  mes5/SRPMS/acpid-1.0.6-6.3mnb2.src.rpm

2010.1 i586

 2f102719ee28b4be284c3c5803e8b888  2010.1/i586/acpid-2.0.4-2.1mnb2.i586.rpm 
 d30539481c1b5cbfad4b6b7a45ef6d98  2010.1/SRPMS/acpid-2.0.4-2.1mnb2.src.rpm

2010.1 x86_64

 be6b6a6e82edbb180dbd2c7e129868d7  2010.1/x86_64/acpid-2.0.4-2.1mnb2.x86_64.rpm 
 d30539481c1b5cbfad4b6b7a45ef6d98  2010.1/SRPMS/acpid-2.0.4-2.1mnb2.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1159