Nom du paquet
acpid
Date
2012-05-31
Advisory ID
MDVSA-2012:086
Affected versions
MES5 i586 , MES5 x86_64 , 2010.1 i586 , 2010.1 x86_64

Problem description

A vulnerability has been discovered and corrected in acpid:

acpid.c in acpid before 2.0.9 does not properly handle a situation in
which a process has connected to acpid.socket but is not reading any
data, which allows local users to cause a denial of service (daemon
hang) via a crafted application that performs a connect system call
but no read system calls (CVE-2011-1159).

The updated packages have been patched to correct this issue.

Updated packages

MES5 i586

 a4c36c404bd3bff4a237ff311f3b2097  mes5/i586/acpid-1.0.6-6.3mnb2.i586.rpm 
 a66af7665f9a19c078ddcda8df99c3cf  mes5/SRPMS/acpid-1.0.6-6.3mnb2.src.rpm

MES5 x86_64

 b0f73a601200b450fd60ed8468fae652  mes5/x86_64/acpid-1.0.6-6.3mnb2.x86_64.rpm 
 a66af7665f9a19c078ddcda8df99c3cf  mes5/SRPMS/acpid-1.0.6-6.3mnb2.src.rpm

2010.1 i586

 2f102719ee28b4be284c3c5803e8b888  2010.1/i586/acpid-2.0.4-2.1mnb2.i586.rpm 
 d30539481c1b5cbfad4b6b7a45ef6d98  2010.1/SRPMS/acpid-2.0.4-2.1mnb2.src.rpm

2010.1 x86_64

 be6b6a6e82edbb180dbd2c7e129868d7  2010.1/x86_64/acpid-2.0.4-2.1mnb2.x86_64.rpm 
 d30539481c1b5cbfad4b6b7a45ef6d98  2010.1/SRPMS/acpid-2.0.4-2.1mnb2.src.rpm

References