Debian Linux Security Advisory 2984-1 - CESG discovered a root escalation flaw in the acpi-support package. An unprivileged user can inject the DBUS_SESSION_BUS_ADDRESS environment variable to run arbitrary commands as root user via the policy-funcs script.
adaf1b772581837925185b0f8fb07ac5691d61ada127b8bcdfcadbfe95eb3291
Ubuntu Security Notice 2297-1 - CESG discovered that acpi-support incorrectly handled certain privileged operations when checking for power management daemons. A local attacker could use this flaw to execute arbitrary code and elevate privileges to root.
8c0d27477a48444c6aeaeb6b969c4b184ead8f5305a92a2ee3fecf5275bc02d0