oss-sec mailing list archives

Re: CVE request: acpid

From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 06 Dec 2011 16:12:25 -0700

On 12/06/2011 01:39 PM, Moritz Muehlenhoff wrote:

Hi,
Please assign a CVE ID for this issue fixed in acpid 2.0.11:

http://www.tedfelix.com/linux/acpid-netlink.html 
(The ChangeLog can only be grabbed through the tarballs):

------
* Sat Jul 30 2011  Ted Felix <http://www.tedfelix.com>
  - 2.0.11 release
  - Set umask to 0077 for scripts run by acpid.  (event.c)  (Ted Felix)
------

Discovered by Helmut Grohne and Michael Biebl.

Cheers,
        Moritz

Please use CVE-2011-4578 for this issue.

-- 

-Kurt Seifried / Red Hat Security Response Team

Current thread:

CVE request: acpid Moritz Muehlenhoff (Dec 06)
- Re: CVE request: acpid Kurt Seifried (Dec 06)