Security Advisory Moderate: acpid security update

Advisory: RHSA-2009:0474-1
Type: Security Advisory
Severity: Moderate
Issued on: 2009-05-07
Last updated on: 2009-05-07
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.7.z)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.7.z)
Red Hat Enterprise Linux EUS (v. 5.3.z server)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
OVAL: com.redhat.rhsa-20090474.xml
CVEs (cve.mitre.org): CVE-2009-0798

Details

An updated acpid package that fixes one security issue is now available
for Red Hat Enterprise Linux 2.1, 3, 4, and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

acpid is a daemon that dispatches ACPI (Advanced Configuration and Power
Interface) events to user-space programs.

Anthony de Almeida Lopes of Outpost24 AB reported a denial of service flaw
in the acpid daemon's error handling. If an attacker could exhaust the
sockets open to acpid, the daemon would enter an infinite loop, consuming
most CPU resources and preventing acpid from communicating with legitimate
processes. (CVE-2009-0798)

Users are advised to upgrade to this updated package, which contains a
backported patch to correct this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Red Hat Desktop (v. 3)
SRPMS:
acpid-1.0.2-4.src.rpm     30504ac4647a18d019aa64f966c5860d
 
x86_64:
acpid-1.0.2-4.x86_64.rpm     85fb43b78dc61d880457bc704300ace7
 
Red Hat Desktop (v. 4)
SRPMS:
acpid-1.0.3-2.el4_7.1.src.rpm     d8668fb1fa4a96bd177c25ef556cff61
 
IA-32:
acpid-1.0.3-2.el4_7.1.i386.rpm     1abcb0fc6d977c54fec6560fa13a04ef
 
x86_64:
acpid-1.0.3-2.el4_7.1.x86_64.rpm     6840520765269646f71a016eb3bd84b4
 
Red Hat Enterprise Linux (v. 5 server)
SRPMS:
acpid-1.0.4-7.el5_3.1.src.rpm
File outdated by:  RHBA-2009:1403		     45a426efe34872b6cef1242540d3097b
 
IA-32:
acpid-1.0.4-7.el5_3.1.i386.rpm
File outdated by:  RHBA-2009:1403		     5a927915171482f37030b6aed130f597
 
IA-64:
acpid-1.0.4-7.el5_3.1.ia64.rpm
File outdated by:  RHBA-2009:1403		     cfc132e92e8f1322cfb01946886acda3
 
x86_64:
acpid-1.0.4-7.el5_3.1.x86_64.rpm
File outdated by:  RHBA-2009:1403		     a2e4fd0a7beb89e38196c4bb3eff0389
 
Red Hat Enterprise Linux AS (v. 2.1)
SRPMS:
acpid-1.0.1-3.src.rpm     ca86ade785a1b342e31cee717c67cf90
 
IA-64:
acpid-1.0.1-3.ia64.rpm     09c99dffb02f5aeacc6d2911628ef0dd
 
Red Hat Enterprise Linux AS (v. 3)
SRPMS:
acpid-1.0.2-4.src.rpm     30504ac4647a18d019aa64f966c5860d
 
IA-64:
acpid-1.0.2-4.ia64.rpm     6b035607120f1e60d3f6d122fa7e77a0
 
x86_64:
acpid-1.0.2-4.x86_64.rpm     85fb43b78dc61d880457bc704300ace7
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
acpid-1.0.3-2.el4_7.1.src.rpm     d8668fb1fa4a96bd177c25ef556cff61
 
IA-32:
acpid-1.0.3-2.el4_7.1.i386.rpm     1abcb0fc6d977c54fec6560fa13a04ef
 
IA-64:
acpid-1.0.3-2.el4_7.1.ia64.rpm     84efa1817b37866a8cf810d4b44dcbf6
 
x86_64:
acpid-1.0.3-2.el4_7.1.x86_64.rpm     6840520765269646f71a016eb3bd84b4
 
Red Hat Enterprise Linux AS (v. 4.7.z)
SRPMS:
acpid-1.0.3-2.el4_7.1.src.rpm     d8668fb1fa4a96bd177c25ef556cff61
 
IA-32:
acpid-1.0.3-2.el4_7.1.i386.rpm     1abcb0fc6d977c54fec6560fa13a04ef
 
IA-64:
acpid-1.0.3-2.el4_7.1.ia64.rpm     84efa1817b37866a8cf810d4b44dcbf6
 
x86_64:
acpid-1.0.3-2.el4_7.1.x86_64.rpm     6840520765269646f71a016eb3bd84b4
 
Red Hat Enterprise Linux Desktop (v. 5 client)
SRPMS:
acpid-1.0.4-7.el5_3.1.src.rpm
File outdated by:  RHBA-2009:1403		     45a426efe34872b6cef1242540d3097b
 
IA-32:
acpid-1.0.4-7.el5_3.1.i386.rpm
File outdated by:  RHBA-2009:1403		     5a927915171482f37030b6aed130f597
 
x86_64:
acpid-1.0.4-7.el5_3.1.x86_64.rpm
File outdated by:  RHBA-2009:1403		     a2e4fd0a7beb89e38196c4bb3eff0389
 
Red Hat Enterprise Linux ES (v. 3)
SRPMS:
acpid-1.0.2-4.src.rpm     30504ac4647a18d019aa64f966c5860d
 
IA-64:
acpid-1.0.2-4.ia64.rpm     6b035607120f1e60d3f6d122fa7e77a0
 
x86_64:
acpid-1.0.2-4.x86_64.rpm     85fb43b78dc61d880457bc704300ace7
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
acpid-1.0.3-2.el4_7.1.src.rpm     d8668fb1fa4a96bd177c25ef556cff61
 
IA-32:
acpid-1.0.3-2.el4_7.1.i386.rpm     1abcb0fc6d977c54fec6560fa13a04ef
 
IA-64:
acpid-1.0.3-2.el4_7.1.ia64.rpm     84efa1817b37866a8cf810d4b44dcbf6
 
x86_64:
acpid-1.0.3-2.el4_7.1.x86_64.rpm     6840520765269646f71a016eb3bd84b4
 
Red Hat Enterprise Linux ES (v. 4.7.z)
SRPMS:
acpid-1.0.3-2.el4_7.1.src.rpm     d8668fb1fa4a96bd177c25ef556cff61
 
IA-32:
acpid-1.0.3-2.el4_7.1.i386.rpm     1abcb0fc6d977c54fec6560fa13a04ef
 
IA-64:
acpid-1.0.3-2.el4_7.1.ia64.rpm     84efa1817b37866a8cf810d4b44dcbf6
 
x86_64:
acpid-1.0.3-2.el4_7.1.x86_64.rpm     6840520765269646f71a016eb3bd84b4
 
Red Hat Enterprise Linux EUS (v. 5.3.z server)
SRPMS:
acpid-1.0.4-7.el5_3.1.src.rpm
File outdated by:  RHBA-2009:1403		     45a426efe34872b6cef1242540d3097b
 
IA-32:
acpid-1.0.4-7.el5_3.1.i386.rpm     5a927915171482f37030b6aed130f597
 
IA-64:
acpid-1.0.4-7.el5_3.1.ia64.rpm     cfc132e92e8f1322cfb01946886acda3
 
x86_64:
acpid-1.0.4-7.el5_3.1.x86_64.rpm     a2e4fd0a7beb89e38196c4bb3eff0389
 
Red Hat Enterprise Linux WS (v. 3)
SRPMS:
acpid-1.0.2-4.src.rpm     30504ac4647a18d019aa64f966c5860d
 
IA-64:
acpid-1.0.2-4.ia64.rpm     6b035607120f1e60d3f6d122fa7e77a0
 
x86_64:
acpid-1.0.2-4.x86_64.rpm     85fb43b78dc61d880457bc704300ace7
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
acpid-1.0.3-2.el4_7.1.src.rpm     d8668fb1fa4a96bd177c25ef556cff61
 
IA-32:
acpid-1.0.3-2.el4_7.1.i386.rpm     1abcb0fc6d977c54fec6560fa13a04ef
 
IA-64:
acpid-1.0.3-2.el4_7.1.ia64.rpm     84efa1817b37866a8cf810d4b44dcbf6
 
x86_64:
acpid-1.0.3-2.el4_7.1.x86_64.rpm     6840520765269646f71a016eb3bd84b4
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
SRPMS:
acpid-1.0.1-3.src.rpm     ca86ade785a1b342e31cee717c67cf90
 
IA-64:
acpid-1.0.1-3.ia64.rpm     09c99dffb02f5aeacc6d2911628ef0dd
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

494443 - CVE-2009-0798 acpid: too many open files DoS


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0798
http://www.redhat.com/security/updates/classification/#moderate

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/