-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3221-1 security@xxxxxxxxxx http://www.debian.org/security/ Salvatore Bonaccorso April 12, 2015 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : das-watchdog CVE ID : CVE-2015-2831 Debian Bug : 781806 Adam Sampson discovered a buffer overflow in the handling of the XAUTHORITY environment variable in das-watchdog, a watchdog daemon to ensure a realtime process won't hang the machine. A local user can exploit this flaw to escalate his privileges and execute arbitrary code as root. For the stable distribution (wheezy), this problem has been fixed in version 0.9.0-2+deb7u1. For the unstable distribution (sid), this problem has been fixed in version 0.9.0-3.1. We recommend that you upgrade your das-watchdog packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJVKowJAAoJEAVMuPMTQ89EQd8QAIwQWC2VVY3qydwraJSrKCPv cRTq7TTlfni3AVgPJWfc1XKniTh5J4UZILWB+uJ72OxljMXPCwr9F4z0x4G2CG6i L/YhIoV8bA08bHbV66mp4rtYlsfd49U0Tdtcv+tYy7Lm+GcctGzP2KOmdpE4DFQo vVAfbp9ujCLMUE9815Bh6vvlxPnZSDWsI8l0bveb05OQXJ3itP1wWY2AIoaTa2jR DzdptyrMX/41GIrB5OcJK/LaxzBNScMcsl9m8U6j4nfDzssS+9EVmIKa523ESwvT htkL3I5shSRfGcI0HSUeT1cgnAtophiht73ohkN/pYwvj0/IUNy0jWJ9nqommFw9 kqkTioCcDaGYMGV5Ka5vtjq09CpVuNRiskx+JPL+0BJIQxDfwq8NlUUEqAXFsKcg Cob1VG6Is4ugKtoX51ThuGeBip+JNxdihfHnGLI3acIQfgqvKCZSeHZ/+T2JnH31 OXBnSPIdHez1zn/pUePNYzWh6ujgWf4SVuDp9vaIvfEgsrgzSTJmVyt3ojSS7kUv +WlZyQe/M/R91OrpuDjIgcqpd/11Qd/5KzqWtcpTvRQ0zatVxmO+RiMf4P0YU+AA O1plqey4NZpdzU3wFC9ZuJVPtU91k67W15xW2Z6lOp2ixT6Sysyl2is/j85ck7o5 ETx3fOujyBSSKHAKfCYh =MMJ0 -----END PGP SIGNATURE-----
