-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2376-1 secur...@debian.org http://www.debian.org/security/ Thijs Kinkhorst December 30, 2011 http://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : ipmitool Vulnerability : insecure pid file Problem type : local Debian-specific: no CVE ID : CVE-2011-4339 Debian Bug : 651917 It was discovered that OpenIPMI, the Intelligent Platform Management Interface library and tools, used too wide permissions PID file, which allows local users to kill arbitrary processes by writing to this file. For the stable distribution (squeeze), this problem has been fixed in version 1.8.11-2+squeeze2. For the unstable distribution (sid), this problem has been fixed in version 1.8.11-5. We recommend that you upgrade your ipmitool packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJO/Wc/AAoJEOxfUAG2iX57/aEIAI7UnI1v9h9vQVZ4tHF93TQC RXDdTyLH1cu2AWGb416oSmLwHCKp2GvwihLwHmtUX4OJu21gChfHr7wkZZy2xNVg qcisZ2zxa66rzg3jFkhC8D9bYbcVIQhC33RwOPxuQngybun+haqPELLuFT6ZXEhz eTt2rf6/kd1MmZ23wlL+DMgSSqr0up04nj6pZS8Bo7theKZRw2ds6ezWRyhJquP6 uiTuyBVXqEFSyHsdvI93/zXs1g02ltuFztt12pnPaZzu3D1UtRItYX1ylhP5osie VVOC2Nz4zNDFUun5zrEffcIHPCgD4KMhOJU9f/dENMELcV5eVEm1e1tCrBjojiY= =DrU8 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/