[ubuntu/lucid-security] acpid 1.0.10-5ubuntu2.5 (Accepted)

Tyler Hicks tyhicks at canonical.com
Thu Dec 8 23:05:20 UTC 2011 

acpid (1.0.10-5ubuntu2.5) lucid-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution in the power button handling
    script (LP: #893821)
    - debian/powerbtn.sh: Ensure that the DBUS_SESSION_BUS_ADDRESS environment
      variable is only read from a process owned by the user that will be
      evaluating the variable.
    - CVE-2011-2777
  * SECURITY UPDATE: Unprivileged users may be able to write to directories
    and read files created by event handler scripts
    - event.c: Set a restrictive umask of 0077 before running an event handler
      script. Based on upstream patch.
    - CVE-2011-4578

Date: Wed, 07 Dec 2011 16:35:39 -0600
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/acpid/1.0.10-5ubuntu2.5
-------------- next part --------------
Format: 1.8
Date: Wed, 07 Dec 2011 16:35:39 -0600
Source: acpid
Binary: acpid
Architecture: source
Version: 1.0.10-5ubuntu2.5
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Description: 
 acpid      - Advanced Configuration and Power Interface event daemon
Launchpad-Bugs-Fixed: 893821
Changes: 
 acpid (1.0.10-5ubuntu2.5) lucid-security; urgency=low
 .
   * SECURITY UPDATE: Arbitrary code execution in the power button handling
     script (LP: #893821)
     - debian/powerbtn.sh: Ensure that the DBUS_SESSION_BUS_ADDRESS environment
       variable is only read from a process owned by the user that will be
       evaluating the variable.
     - CVE-2011-2777
   * SECURITY UPDATE: Unprivileged users may be able to write to directories
     and read files created by event handler scripts
     - event.c: Set a restrictive umask of 0077 before running an event handler
       script. Based on upstream patch.
     - CVE-2011-4578
Checksums-Sha1: 
 03ba65fb0a4987caa82a0d019307a42df316c7ac 2048 acpid_1.0.10-5ubuntu2.5.dsc
 e97ca8511cc166ee149e66ea7cbd9c11d5a1736c 41940 acpid_1.0.10-5ubuntu2.5.diff.gz
Checksums-Sha256: 
 17bee724444944174ad1b967704a9055d479e130ee86f2333199a9e3754f0d13 2048 acpid_1.0.10-5ubuntu2.5.dsc
 ca31b99d6cf669f1c8ae7fa82cec3244ba33faeae8e09099646415be8a65c56e 41940 acpid_1.0.10-5ubuntu2.5.diff.gz
Files: 
 a8d419b90ff82e591e25b2cdfc3633ce 2048 admin optional acpid_1.0.10-5ubuntu2.5.dsc
 c07690f771c602e135b3bed640756134 41940 admin optional acpid_1.0.10-5ubuntu2.5.diff.gz
Original-Maintainer: Debian Acpi Team <pkg-acpi-devel at lists.alioth.debian.org>

More information about the Lucid-changes mailing list