SCIENTIFIC-LINUX-ERRATA Archives

May 2009

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

Subject:
From: Troy Dawson <[log in to unmask]>
Reply To: Troy Dawson <[log in to unmask]>
Date: Fri, 8 May 2009 13:42:26 -0500
Synopsis:	Moderate: acpid security update
Issue date:	2009-05-07
CVE Names:	CVE-2009-0798

Anthony de Almeida Lopes of Outpost24 AB reported a denial of service 
flaw in the acpid daemon's error handling. If an attacker could exhaust 
the sockets open to acpid, the daemon would enter an infinite loop, 
consuming most CPU resources and preventing acpid from communicating 
with legitimate processes. (CVE-2009-0798)

SL 3.0.x

       SRPMS:
acpid-1.0.2-4.src.rpm
       i386:
There is no i386 version on SL3
       x86_64:
acpid-1.0.2-4.x86_64.rpm

SL 4.x

       SRPMS:
acpid-1.0.3-2.el4_7.1.src.rpm
       i386:
acpid-1.0.3-2.el4_7.1.i386.rpm
       x86_64:
acpid-1.0.3-2.el4_7.1.x86_64.rpm

SL 5.x

       SRPMS:
acpid-1.0.4-7.el5_3.1.src.rpm
       i386:
acpid-1.0.4-7.el5_3.1.i386.rpm
       x86_64:
acpid-1.0.4-7.el5_3.1.x86_64.rpm

-Connie Sieh
-Troy Dawson
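
One way to check a host against the fixed builds listed in this advisory, as an added example that is not part of the original message. It assumes the installed string comes from `rpm -q --qf '%{VERSION}-%{RELEASE}\n' acpid`, that the package has no epoch, and it uses a simplified RPM version comparison (no tilde or caret handling); the function names are hypothetical.

```python
import re

# Fixed acpid builds, copied from the advisory above, keyed by SL major release.
FIXED = {
    "3": "1.0.2-4",
    "4": "1.0.3-2.el4_7.1",
    "5": "1.0.4-7.el5_3.1",
}

_SEGMENT = re.compile(r"\d+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Simplified rpmvercmp: returns -1, 0 or 1. Separators are ignored."""
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric beats alphabetic
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def evr_cmp(a, b):
    """Compare two 'version-release' strings (epoch assumed absent)."""
    ver_a, rel_a = a.rsplit("-", 1)
    ver_b, rel_b = b.rsplit("-", 1)
    return rpmvercmp(ver_a, ver_b) or rpmvercmp(rel_a, rel_b)


def is_patched(sl_major, installed):
    """True if the installed build is at or above the advisory's fixed build."""
    return evr_cmp(installed, FIXED[sl_major]) >= 0


if __name__ == "__main__":
    # Constructed sample inventory: (SL major release, installed version-release).
    for major, build in [("5", "1.0.4-7.el5_3.1"), ("5", "1.0.4-7.el5"),
                         ("4", "1.0.3-2"), ("3", "1.0.2-4")]:
        state = "patched" if is_patched(major, build) else "NEEDS UPDATE"
        print(f"SL {major}.x acpid-{build}: {state}")
```
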
