Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in acpid
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in acpid
ID: USN-1296-1
Distribution: Ubuntu
Plattformen: Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04, Ubuntu 11.10
Datum: Fr, 9. Dezember 2011, 08:18
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4578
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2777
Applikationen: ACPI Event Daemon

Originalnachricht


--===============4242876460912186850==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="6c2NcOVqGQ03X4Wi"
Content-Disposition: inline


--6c2NcOVqGQ03X4Wi
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-1296-1
December 08, 2011

acpid vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in acpid.

Software Description:
- acpid: Advanced Configuration and Power Interface daemon

Details:

Oliver-Tobias Ripka discovered that an ACPI script incorrectly handled power
button events. A local attacker could use this to execute arbitrary code, and
possibly escalate privileges. (CVE-2011-2777)

Helmut Grohne and Michael Biebl discovered that ACPI scripts were executed with
a permissive file mode creation mask (umask). A local attacker could read files
and modify directories created by ACPI scripts that did not set a strict umask.
(CVE-2011-4578)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
acpid 1:2.0.10-1ubuntu2.3

Ubuntu 11.04:
acpid 1:2.0.7-1ubuntu2.4

Ubuntu 10.10:
acpid 1.0.10-5ubuntu4.4

Ubuntu 10.04 LTS:
acpid 1.0.10-5ubuntu2.5

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1296-1
CVE-2011-2777, CVE-2011-4578

Package Information:
https://launchpad.net/ubuntu/+source/acpid/1:2.0.10-1ubuntu2.3
https://launchpad.net/ubuntu/+source/acpid/1:2.0.7-1ubuntu2.4
https://launchpad.net/ubuntu/+source/acpid/1.0.10-5ubuntu4.4
https://launchpad.net/ubuntu/+source/acpid/1.0.10-5ubuntu2.5


--6c2NcOVqGQ03X4Wi
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCgAGBQJO4UkmAAoJENaSAD2qAscKytwQAMbvf4GD6cNoVZ8RYRezXzek
GOixNDk983f5p8obuexGRVg7NjKgcuuz6JKs3OKHbc+rmSHE/CsDa55gwm6MXK3h
lRty0YYppUBxa66jPGnwKLxnWW+csUksfOyDj55helyEP7yKwIdfcplyXp19x0Yr
ulyDTvG79meJc+XrjioxgRrkaKWejooTMyJXIDQq9myK2ETD+TCTh5vHvgtWKcdQ
xZ3hoTS9a2mY4RdE5YvqcmQsvM60ygscsJ69oz74uvFu1qYia1U8vq7ySnoXJnw2
3bk28XNI4tFtV1Uw9qdFoQYnPMw68rKOlgvzQzyVbwT7GppCjmw1AAOUkmdKze+3
0jmT/2D99jG0O6BBGnDg/ohQB+cc5W226f1coAjKO47tzc1u4RJ9YzP8qbO1UjSb
z/YcRBMpe0OrlmvHz4Cyuc0vknzjunxZM/a4r7kjBPkukFq0RWgc6+68gkFPNnSV
mUwX9osrhJPqsXnIDG84IugSEYZU9oTLNU71fThgCiOPQasXC1lpKhmyt2+6CbD6
ZcpbI6BPF2k9kNgRzL3HYBFhcCDouJUCMyRWu0z94+6sahrMnHFh6zg6jc/tWRl+
avbJ5GcBTAJWi0BPnc8pZpOI94cpHkERFYDB7zyOfJ1RTVFwgbavxuLdVFFAd+a1
gYxY4dx56Tg8V6VQrd3z
=99Hs
-----END PGP SIGNATURE-----

--6c2NcOVqGQ03X4Wi--


--===============4242876460912186850==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============4242876460912186850==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung