acpid vulnerabilities

8 December 2011

acpid vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 11.10
• Ubuntu 11.04
• Ubuntu 10.10
• Ubuntu 10.04 LTS

Summary

Several security issues were fixed in acpid.

Software Description

• acpid - Advanced Configuration and Power Interface daemon

Details

Oliver-Tobias Ripka discovered that an ACPI script incorrectly handled power button events. A local attacker could use this to execute arbitrary code, and possibly escalate privileges. (CVE-2011-2777)

Helmut Grohne and Michael Biebl discovered that ACPI scripts were executed with a permissive file mode creation mask (umask). A local attacker could read files and modify directories created by ACPI scripts that did not set a strict umask. (CVE-2011-4578)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.10

acpid - 1:2.0.10-1ubuntu2.3

Ubuntu 11.04

acpid - 1:2.0.7-1ubuntu2.4

Ubuntu 10.10

acpid - 1.0.10-5ubuntu4.4

Ubuntu 10.04 LTS

acpid - 1.0.10-5ubuntu2.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

• CVE-2011-2777
• CVE-2011-4578