Debians sikkerhedsbulletin

DSA-1786-1 acpid -- lammelsesangreb

Rapporteret den:
2. maj 2009
Berørte pakker:
acpid
Sårbar:
Ja
Referencer i sikkerhedsdatabaser:
I Mitres CVE-ordbog: CVE-2009-0798.
Yderligere oplysninger:

Man opdagede at acpid, en dæmon til levering af ACPI-begivenheder, var sårbar over for et lammelsesangreb (denial of service) ved at åbne et stort antal UNIX-sockets, der ikke blev lukket korrekt.

I den stabile distribution (lenny), er dette problem rettet i version 1.0.8-1lenny1.

I den gamle stabile distribution (etch), er dette problem rettet i version 1.0.4-5etch1.

I distributionen testing (squeeze) og i den ustabile distribution (sid), er dette problem rettet i version 1.0.10-1.

Vi anbefaler at du opgraderer dine acpid-pakker.

Rettet i:

Debian GNU/Linux 4.0 (etch)

Kildekode:
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4.orig.tar.gz
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4-5etch1.dsc
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4-5etch1.diff.gz
AMD64:
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4-5etch1_amd64.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4-5etch1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4-5etch1_ia64.deb

Debian GNU/Linux 5.0 (lenny)

Kildekode:
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8-1lenny1.diff.gz
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8-1lenny1.dsc
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8.orig.tar.gz
AMD64:
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8-1lenny1_amd64.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8-1lenny1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8-1lenny1_ia64.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.