USN-1296-1: acpid vulnerabilities

8 December 2011

acpid vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.10
  • Ubuntu 10.04 LTS

Summary

Several security issues were fixed in acpid.

Software Description

  • acpid - Advanced Configuration and Power Interface daemon

Details

Oliver-Tobias Ripka discovered that an ACPI script incorrectly handled power button events. A local attacker could use this to execute arbitrary code, and possibly escalate privileges. (CVE-2011-2777)

Helmut Grohne and Michael Biebl discovered that ACPI scripts were executed with a permissive file mode creation mask (umask). A local attacker could read files and modify directories created by ACPI scripts that did not set a strict umask. (CVE-2011-4578)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.10
acpid - 1:2.0.10-1ubuntu2.3
Ubuntu 11.04
acpid - 1:2.0.7-1ubuntu2.4
Ubuntu 10.10
acpid - 1.0.10-5ubuntu4.4
Ubuntu 10.04 LTS
acpid - 1.0.10-5ubuntu2.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References