[ubuntu/oneiric-security] acpid 1:2.0.10-1ubuntu2.3 (Accepted)
Tyler Hicks
tyhicks at canonical.com
Thu Dec 8 23:05:04 UTC 2011
acpid (1:2.0.10-1ubuntu2.3) oneiric-security; urgency=low
* SECURITY UPDATE: Arbitrary code execution in the power button handling
script (LP: #893821)
- debian/powerbtn.sh: Ensure that the DBUS_SESSION_BUS_ADDRESS environment
variable is only read from a process owned by the user that will be
evaluating the variable.
- CVE-2011-2777
* SECURITY UPDATE: Unprivileged users may be able to write to directories
and read files created by event handler scripts
- event.c: Set a restrictive umask of 0077 before running an event handler
script. Based on upstream patch.
- CVE-2011-4578
Date: Wed, 07 Dec 2011 16:35:22 -0600
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/oneiric/+source/acpid/1:2.0.10-1ubuntu2.3
-------------- next part --------------
Format: 1.8
Date: Wed, 07 Dec 2011 16:35:22 -0600
Source: acpid
Binary: acpid kacpimon
Architecture: source
Version: 1:2.0.10-1ubuntu2.3
Distribution: oneiric-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Description:
acpid - Advanced Configuration and Power Interface event daemon
kacpimon - Kernel ACPI Event Monitor
Launchpad-Bugs-Fixed: 893821
Changes:
acpid (1:2.0.10-1ubuntu2.3) oneiric-security; urgency=low
.
* SECURITY UPDATE: Arbitrary code execution in the power button handling
script (LP: #893821)
- debian/powerbtn.sh: Ensure that the DBUS_SESSION_BUS_ADDRESS environment
variable is only read from a process owned by the user that will be
evaluating the variable.
- CVE-2011-2777
* SECURITY UPDATE: Unprivileged users may be able to write to directories
and read files created by event handler scripts
- event.c: Set a restrictive umask of 0077 before running an event handler
script. Based on upstream patch.
- CVE-2011-4578
Checksums-Sha1:
0be03153f3b6a35a0ce135406fdde4219c751a8f 2008 acpid_2.0.10-1ubuntu2.3.dsc
4309449110d7fca0662fb59f4a4447b0bfc61006 21411 acpid_2.0.10-1ubuntu2.3.diff.gz
Checksums-Sha256:
aef6afb28bd17bf4e2bce6112dfd3b70552d7f36ac023da64769866a2c9cc7fe 2008 acpid_2.0.10-1ubuntu2.3.dsc
f77b75c74261115ce123957114a1183d62c7034520eb798445165348469937f8 21411 acpid_2.0.10-1ubuntu2.3.diff.gz
Files:
a767b77a5657c1cd8aaf7fbaebb16215 2008 admin optional acpid_2.0.10-1ubuntu2.3.dsc
ac5473a99f44ea1e691779450be23611 21411 admin optional acpid_2.0.10-1ubuntu2.3.diff.gz
Original-Maintainer: Debian Acpi Team <pkg-acpi-devel at lists.alioth.debian.org>
More information about the Oneiric-changes
mailing list