Debians sikkerhedsbulletin

DSA-1786-1 acpid -- lammelsesangreb

Rapporteret den:

2. maj 2009

Berørte pakker:

acpid

Sårbar:

Referencer i sikkerhedsdatabaser:

I Mitres CVE-ordbog: CVE-2009-0798.

Yderligere oplysninger:

Man opdagede at acpid, en dæmon til levering af ACPI-begivenheder, var sårbar over for et lammelsesangreb (denial of service) ved at åbne et stort antal UNIX-sockets, der ikke blev lukket korrekt.

I den stabile distribution (lenny), er dette problem rettet i version 1.0.8-1lenny1.

I den gamle stabile distribution (etch), er dette problem rettet i version 1.0.4-5etch1.

I distributionen testing (squeeze) og i den ustabile distribution (sid), er dette problem rettet i version 1.0.10-1.

Vi anbefaler at du opgraderer dine acpid-pakker.

Rettet i:

Debian GNU/Linux 4.0 (etch)

Kildekode:: http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4.orig.tar.gz; http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4-5etch1.dsc; http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4-5etch1.diff.gz
AMD64:: http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4-5etch1_amd64.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4-5etch1_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4-5etch1_ia64.deb

Debian GNU/Linux 5.0 (lenny)

Kildekode:: http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8-1lenny1.diff.gz; http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8-1lenny1.dsc; http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8.orig.tar.gz
AMD64:: http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8-1lenny1_amd64.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8-1lenny1_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8-1lenny1_ia64.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.