—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512
– ————————————————————————-
Debian Security Advisory DSA-3221-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
April 12, 2015 http://www.debian.org/security/faq
– ————————————————————————-
Package : das-watchdog
CVE ID : CVE-2015-2831
Debian Bug : 781806
Adam Sampson discovered a buffer overflow in the handling of the
XAUTHORITY environment variable in das-watchdog, a watchdog daemon to
ensure a realtime process won’t hang the machine. A local user can
exploit this flaw to escalate his privileges and execute arbitrary
code as root.
For the stable distribution (wheezy), this problem has been fixed in
version 0.9.0-2+deb7u1.
For the unstable distribution (sid), this problem has been fixed in
version 0.9.0-3.1.
We recommend that you upgrade your das-watchdog packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJVKowJAAoJEAVMuPMTQ89EQd8QAIwQWC2VVY3qydwraJSrKCPv
cRTq7TTlfni3AVgPJWfc1XKniTh5J4UZILWB+uJ72OxljMXPCwr9F4z0x4G2CG6i
L/YhIoV8bA08bHbV66mp4rtYlsfd49U0Tdtcv+tYy7Lm+GcctGzP2KOmdpE4DFQo
vVAfbp9ujCLMUE9815Bh6vvlxPnZSDWsI8l0bveb05OQXJ3itP1wWY2AIoaTa2jR
DzdptyrMX/41GIrB5OcJK/LaxzBNScMcsl9m8U6j4nfDzssS+9EVmIKa523ESwvT
htkL3I5shSRfGcI0HSUeT1cgnAtophiht73ohkN/pYwvj0/IUNy0jWJ9nqommFw9
kqkTioCcDaGYMGV5Ka5vtjq09CpVuNRiskx+JPL+0BJIQxDfwq8NlUUEqAXFsKcg
Cob1VG6Is4ugKtoX51ThuGeBip+JNxdihfHnGLI3acIQfgqvKCZSeHZ/+T2JnH31
OXBnSPIdHez1zn/pUePNYzWh6ujgWf4SVuDp9vaIvfEgsrgzSTJmVyt3ojSS7kUv
+WlZyQe/M/R91OrpuDjIgcqpd/11Qd/5KzqWtcpTvRQ0zatVxmO+RiMf4P0YU+AA
O1plqey4NZpdzU3wFC9ZuJVPtU91k67W15xW2Z6lOp2ixT6Sysyl2is/j85ck7o5
ETx3fOujyBSSKHAKfCYh
=MMJ0
—–END PGP SIGNATURE—–
—
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of “unsubscribe”. Trouble? Contact listmaster@lists.debian.org
Archive: https://lists.debian.org/E1YhJce-0004lG-4H@master.debian.org