Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 268079 (CVE-2009-0798) - <sys-power/acpid-1.0.10 DoS (CVE-2009-0798)
Summary: <sys-power/acpid-1.0.10 DoS (CVE-2009-0798)
Alias: CVE-2009-0798
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [glsa]
Depends on:
Reported: 2009-05-01 11:08 UTC by Alex Legler (RETIRED)
Modified: 2009-05-24 18:45 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-05-01 11:08:59 UTC
CVE-2009-0798 (
  The daemon in acpid before 1.0.10 allows remote attackers to cause a
  denial of service (CPU consumption and connectivity loss) by opening
  a large number of UNIX sockets without closing them, which triggers
  an infinite loop.
Comment 1 Peter Alfredsen (RETIRED) gentoo-dev 2009-05-03 09:26:44 UTC
+*acpid-1.0.10 (03 May 2009)
+  03 May 2009; Peter Alfredsen <> +acpid-1.0.10.ebuild:
+  Bump, bug 246802. Thanks to Davide Pesavento <>. Use
+  Ted Felix version of acpid that correctly handles using the netlink
+  interface instead of the deprecated /proc/acpi/event interface. Also fixes
+  bug 268079, CVE-2009-0798.
Comment 2 Peter Alfredsen (RETIRED) gentoo-dev 2009-05-05 08:45:30 UTC
1.0.10_p3 is in the tree with a patch from bug 268442 for strict aliasing warnings that was accepted upstream.
Comment 3 Tobias Heinlein (RETIRED) gentoo-dev 2009-05-05 22:00:07 UTC
(In reply to comment #2)
> 1.0.10_p3 is in the tree with a patch from bug 268442 for strict aliasing
> warnings that was accepted upstream.

Does this have to do with the security issue? Do you want _p3 to go stable or 1.0.10?
Comment 4 Tobias Heinlein (RETIRED) gentoo-dev 2009-05-05 22:14:45 UTC
Okay, _p3 was confirmed on IRC.

Arches, please test and mark stable:
Target keywords : "amd64 ia64 x86"
Comment 5 Markus Meier gentoo-dev 2009-05-06 19:44:40 UTC
amd64/x86 stable
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2009-05-07 16:19:51 UTC
ia64 stable
Comment 7 Tobias Heinlein (RETIRED) gentoo-dev 2009-05-22 17:44:16 UTC
Ready for vote, I vote YES.
Comment 8 Stefan Behte (RETIRED) gentoo-dev Security 2009-05-24 00:12:03 UTC
Yes, too, request filed.
Comment 9 Pierre-Yves Rofes (RETIRED) gentoo-dev 2009-05-24 18:45:57 UTC
GLSA 200905-06