Debian Security Advisory
DSA-1960-1 acpid -- programming error
- Date reported:
- 19 Dec 2009
- Affected packages:
- acpid
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2009-4235.
- More information:
-
It was discovered that acpid, the Advanced Configuration and Power Interface event daemon, in the oldstable distribution (etch) created its log file with weak permissions, which might expose sensitive information or might be abused by a local user to consume all free disk space on the same partition as the file.
For the oldstable distribution (etch), this problem has been fixed in version 1.0.4-5etch2.
The stable distribution (lenny), version 1.0.8-1lenny2, and the unstable distribution (sid), version 1.0.10-5, have been updated to fix the weak file permissions on log files created by older versions of the program.
We recommend that you upgrade your acpid packages.
- Fixed in:
-
Debian GNU/Linux 4.0 (etch)
- Source:
- http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4-5etch2.diff.gz
- http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4.orig.tar.gz
- http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4-5etch2.dsc
- AMD64:
- http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4-5etch2_amd64.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4-5etch2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4-5etch2_ia64.deb
Debian GNU/Linux 5.0 (lenny)
- Source:
- http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8-1lenny2.diff.gz
- http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8-1lenny2.dsc
- http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8.orig.tar.gz
- AMD64:
- http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8-1lenny2_amd64.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8-1lenny2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8-1lenny2_ia64.deb
MD5 checksums of the listed files are available in the original advisory.
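
The two corrections the advisory describes (creating the log file with restrictive permissions, and tightening a log file left behind by an older version) can be sketched in C as follows. This is an added example, not acpid's or Debian's actual patch; the 0640 target mode, the helper name open_log_secure and the path used in main are assumptions.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed target mode (not taken from the advisory): owner rw, group r. */
#define LOG_MODE 0640

/* Hypothetical helper: open a log file for appending so that it never keeps
 * permission bits beyond LOG_MODE. Returns an open fd, or -1 on error. */
int open_log_secure(const char *path)
{
    struct stat st;

    /* For a new file the mode is LOG_MODE minus whatever umask removes. */
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT, LOG_MODE);
    if (fd < 0)
        return -1;

    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }

    /* open() ignores its mode argument when the file already exists, so a
     * log created by an older version keeps its weak bits. Strip every bit
     * outside LOG_MODE on the descriptor we actually hold. */
    if ((st.st_mode & 07777 & ~(mode_t)LOG_MODE) != 0 &&
        fchmod(fd, st.st_mode & (mode_t)LOG_MODE) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    const char *path = "/tmp/acpid-example.log"; /* constructed path */
    static const char msg[] = "example event\n";
    int fd = open_log_secure(path);

    if (fd < 0) {
        perror(path);
        return 1;
    }
    if (write(fd, msg, sizeof msg - 1) < 0)
        perror("write");
    close(fd);
    return 0;
}
```

The helper only ever removes permission bits, so a file an administrator has already restricted further (for example to 0600) is left unchanged.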