Debian Security Advisory 2984-1

Debian Security Advisory 2984-1: Posted Jul 23, 2014; Authored by Debian | Site debian.org; Debian Linux Security Advisory 2984-1 - CESG discovered a root escalation flaw in the acpi-support package. An unprivileged user can inject the DBUS_SESSION_BUS_ADDRESS environment variable to run arbitrary commands as root user via the policy-funcs script.; tags | advisory, arbitrary, root; systems | linux, debian; advisories | CVE-2014-1419; SHA-256 | adaf1b772581837925185b0f8fb07ac5691d61ada127b8bcdfcadbfe95eb3291; Download | Favorite | View

Debian Security Advisory 2984-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2984-1                   security@debian.org
http://www.debian.org/security/                             Luciano Bello
July 22, 2014                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : acpi-support
CVE ID         : CVE-2014-1419

CESG discovered a root escalation flaw in the acpi-support package. An 
unprivileged user can inject the DBUS_SESSION_BUS_ADDRESS environment 
variable to run arbitrary commands as root user via the policy-funcs 
script.

For the stable distribution (wheezy), this problem has been fixed in
version 0.140-5+deb7u1.

For the testing distribution (jessie), this problem has been fixed in
version 0.142-2.

For the unstable distribution (sid), this problem has been fixed in
version 0.142-2.

We recommend that you upgrade your acpi-support packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJTzp77AAoJEG7C3vaP/jd0zssP/1WfL6Iq0elSTlAmqX8ZXQh2
0O8PFodYLSq/02clDQjGPAfxjwG2LWuXUlvt9/vn9G//sOKIW4SrGmoJRU89zwpk
uPPV51yLRaK4dv+A5binwFgCt+57vz3Of/8ung2JFEXBhWGh8fGqnRXpmCYM2BlI
70GHA2xLCNXxDd+aYClz7zXo0yPuTUhFWoL6HF+5IGoAJcn93t2N/UPPJ4Q7TM2f
cGOISy1WGicas8ytOpY9dRVBw314yEliYCMbJKJBcbnfawMAg2XLjbx3Kx9X7DEz
6wsW7TmgiyiDx44iqItdyc5hX3AqtbA1IIqdnBuKfzhxDBmtt7Ku4e/C5VoDIGqq
cs6Tsp11ztslsxoxi1B2nvJbGPAQt9CgiFRBdCzkawC/xD0IBCjEpVyqyCdr+TLe
sd1mGny3qk+j88xD7rgKK2e/p7ttce+CRsltH/TQHjGohsj/Z6tK9d6pzTNpJsUQ
9sau879yXv7X+s/x5v9QRpDuXgAi56yOpdWFU/UJuS8+Rg7OlakepWAheTrKcPl1
gboUO3xzuBgKYQDiNU7w/j3JKvFue+iIl9c+CHo8qriufR62hdwnpubM3qQurExG
rD0as7VIqqMPyOEaxn2Y8lZvCzkworCr2wPbLzSIWtfUM73zkcGMIpIwLw9OkkEV
8x4tW7dLSAktXPZAlzxZ
=leQs
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Debian Security Advisory 2984-1

Debian Security Advisory 2984-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 2984-1

Share This

Debian Security Advisory 2984-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems