Download
| Alert*
|
oval:org.secpod.oval:def:702141
acpi-support: scripts for handling many ACPI events The system could be made to run programs as an administrator. oval:org.secpod.oval:def:601745 It was discovered that the acpi-support update for DSA-2984-1 would make a laptop"s power button forcibly shut the system down, instead of triggering the configured action . This only affects systems using the gnome-settings-daemon. For reference, the original advisory follows. CESG discovered a roo ... oval:org.secpod.oval:def:601772 During a review for EDF, Raphael Geissert discovered that the acpi-support package did not properly handle data obtained from a user"s environment. This could lead to program malfunction or allow a local user to escalate privileges to the root user due to a programming error. oval:org.secpod.oval:def:601731 acpi-support is installed oval:org.secpod.oval:def:601727 CESG discovered a root escalation flaw in the acpi-support package. An unprivileged user can inject the DBUS_SESSION_BUS_ADDRESS environment variable to run arbitrary commands as root user via the policy-funcs script. |
