| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Sep 2014 09:51:10 -0500 From: Raphael Geissert <geissert@...ian.org> To: bugtraq@...urityfocus.com Subject: [SECURITY] [DSA 3020-1] acpi-support security update -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3020-1 security@...ian.org http://www.debian.org/security/ Raphael Geissert September 10, 2014 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : acpi-support CVE ID : CVE-2014-0484 During a review for EDF, Raphael Geissert discovered that the acpi-support package did not properly handle data obtained from a user's environment. This could lead to program malfunction or allow a local user to escalate privileges to the root user due to a programming error. For the stable distribution (wheezy), this problem has been fixed in version 0.140-5+deb7u3. For the testing distribution (jessie), and the unstable distribution (sid) this problem will be fixed soon. We recommend that you upgrade your acpi-support packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@...ts.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAlQQZWQACgkQYy49rUbZzlpFkACfWupzb7EZeBuRcz1yutluO0B2 fnsAn0m5qFnWFf4cD/GcDZWAuLN5bas7 =RTmD -----END PGP SIGNATURE-----
Powered by blists - more mailing lists