[ubuntu/natty-security] acpid 1:2.0.7-1ubuntu2.4 (Accepted)

Tyler Hicks tyhicks at canonical.com
Thu Dec 8 23:05:10 UTC 2011 

acpid (1:2.0.7-1ubuntu2.4) natty-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution in the power button handling
    script (LP: #893821)
    - debian/powerbtn.sh: Ensure that the DBUS_SESSION_BUS_ADDRESS environment
      variable is only read from a process owned by the user that will be
      evaluating the variable.
    - CVE-2011-2777
  * SECURITY UPDATE: Unprivileged users may be able to write to directories
    and read files created by event handler scripts
    - event.c: Set a restrictive umask of 0077 before running an event handler
      script. Based on upstream patch.
    - CVE-2011-4578

Date: Wed, 07 Dec 2011 16:35:28 -0600
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/natty/+source/acpid/1:2.0.7-1ubuntu2.4
-------------- next part --------------
Format: 1.8
Date: Wed, 07 Dec 2011 16:35:28 -0600
Source: acpid
Binary: acpid kacpimon
Architecture: source
Version: 1:2.0.7-1ubuntu2.4
Distribution: natty-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Description: 
 acpid      - Advanced Configuration and Power Interface event daemon
 kacpimon   - Kernel ACPI Event Monitor
Launchpad-Bugs-Fixed: 893821
Changes: 
 acpid (1:2.0.7-1ubuntu2.4) natty-security; urgency=low
 .
   * SECURITY UPDATE: Arbitrary code execution in the power button handling
     script (LP: #893821)
     - debian/powerbtn.sh: Ensure that the DBUS_SESSION_BUS_ADDRESS environment
       variable is only read from a process owned by the user that will be
       evaluating the variable.
     - CVE-2011-2777
   * SECURITY UPDATE: Unprivileged users may be able to write to directories
     and read files created by event handler scripts
     - event.c: Set a restrictive umask of 0077 before running an event handler
       script. Based on upstream patch.
     - CVE-2011-4578
Checksums-Sha1: 
 0666b1e3fbbad0b4779b7e9fd6b60707feaff0a5 1970 acpid_2.0.7-1ubuntu2.4.dsc
 7fd0967442b00f9eed3ccc6c34e8ac2337810e58 21228 acpid_2.0.7-1ubuntu2.4.diff.gz
Checksums-Sha256: 
 9d48de189cb89b56d0080be261d4f18bd85e87afc6af9e37dc91c6c8cd30c1ad 1970 acpid_2.0.7-1ubuntu2.4.dsc
 b6257e984bb7d334e93f0d86ba56cb1133ad96ee952afd7e1daf3ef988408d3d 21228 acpid_2.0.7-1ubuntu2.4.diff.gz
Files: 
 e19a18d1c1875a7792ffee04cc73b915 1970 admin optional acpid_2.0.7-1ubuntu2.4.dsc
 044896eb0c71bb1da557ea64fca6a8e3 21228 admin optional acpid_2.0.7-1ubuntu2.4.diff.gz
Original-Maintainer: Debian Acpi Team <pkg-acpi-devel at lists.alioth.debian.org>

More information about the Natty-changes mailing list