[SECURITY] [DLA 194-1] das-watchdog security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 194-1] das-watchdog security update
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 12 Apr 2015 15:26:26 +0000
Message-id: <[🔎] E1YhJmE-0005Un-9N@master.debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : das-watchdog
Version        : 0.9.0-2+deb6u1
CVE ID         : CVE-2015-2831
Debian Bug     : 781806

Adam Sampson discovered a buffer overflow in the handling of the 
XAUTHORITY environment variable in das-watchdog, a watchdog daemon to 
ensure a realtime process won't hang the machine. A local user can
exploit this flaw to escalate his privileges and execute arbitrary
code as root.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVKo5pAAoJEAVMuPMTQ89EpS4P/34TMYuRaKqX1XJbR89dKM/Z
tmJqbie4OhJWlxF1hUpWzWPPSx4vfNE5KiyI7jYQJF78UTPk9iKjI4eLUwpSbz6V
aZSvqWibYwpmGsMp5RWHnf8mk8wfjuSvtSVcVtmn9AnY33jCMx0p3bcjDyijMlZ4
y7m/lMO4IMUgAhtXfsMjuxyJWLpPYtVyU/2AcI0OdoR4wViu354PFwc8Al9pqNb/
uwfgIFsmMZYEFBB/4LV818JOIJtN42C7rkKtW94xIkIvvUCyU/yK5jKpjtErOmkz
2/RKh0Ry2brG5UgJH9Ox9l3zaF67On4DsZx++AEd1H8nyd0/nCoExmKPBncIjQ+g
fiG0vVVmEc4Mku+mLDRqzVg/dc8FlgUAhU25xmZ/m64DjJoizuGCRDKDZWhVdy8/
l9pUScW/31Y/Z9oj6mIO+UcKPpw8DSs33Ad8NF95mZfekpBwbGKtsI4JcOTg7Qd9
uzpAlGjvqV/a0asOJq1EvmH8IeEmQFRR9h1GfgNSNtng8aYfGkpdpHhCguJCKore
TsmWfYCnvR24swckGEc35RRYRdMS92grZJyXFMVBxa8rmN8zrEfJxr/kigEWc733
h6BkuqS8wVU4o1LoWlBwqijF8hd0voqVjIF3wRiNbd1j72bx/EtWtlJIezijJvF0
XHvt6Nn2OvDCEeGZAQTo
=7Y9s
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 192-1] ntp security update
Next by Date: [SECURITY] [DLA 193-1] chrony security update
Previous by thread: [SECURITY] [DLA 192-1] ntp security update
Next by thread: [SECURITY] [DLA 193-1] chrony security update
Index(es):
- Date
- Thread