Vasiliy Kulikov discovered that acpid did not properly handle connections from poorly behaving clients. A local attacker could potentially exploit this to cause a denial of service. Updated packages are available from security.ubuntu.com.
========================================================================== Ubuntu Security Notice USN-1234-1 October 20, 2011 acpid vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: acpid could be made to stall under certain conditions. Software Description: - acpid: Advanced Configuration and Power Interface event daemon Details: Vasiliy Kulikov discovered that acpid did not properly handle connections from poorly behaving clients. A local attacker could potentially exploit this to cause a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.04: acpid 1:2.0.7-1ubuntu2.1 Ubuntu 10.10: acpid 1.0.10-5ubuntu4.1 Ubuntu 10.04 LTS: acpid 1.0.10-5ubuntu2.2 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1234-1 CVE-2011-1159 Package Information: https://launchpad.net/ubuntu/+source/acpid/1:2.0.7-1ubuntu2.1 https://launchpad.net/ubuntu/+source/acpid/1.0.10-5ubuntu4.1 https://launchpad.net/ubuntu/+source/acpid/1.0.10-5ubuntu2.2