DSA-2984-2 acpi-support -- acpi-support
ID: oval:org.secpod.oval:def:601745 | Date: (C)2014-08-26 (M)2022-10-10 | Class: PATCH | Family: unix
It was discovered that the acpi-support update for DSA-2984-1 would make a laptop's power button forcibly shut the system down, instead of triggering the configured action. This only affects systems using the gnome-settings-daemon. For reference, the original advisory follows.

CESG discovered a root escalation flaw in the acpi-support package. An unprivileged user can inject the DBUS_SESSION_BUS_ADDRESS environment variable to run arbitrary commands as the root user via the policy-funcs script.