Articles / Debian: Security update for…

Debian: Security update for systemtap

Several vulnerabilities were discovered in SystemTap, an instrumentation system for Linux. It was discovered that a race condition in staprun could lead to privilege escalation. It was discovered that insufficient validation of environment variables in staprun could lead to privilege escalation. It was discovered that insufficient validation of module unloading could lead to denial of service. Updated packages are available from security.debian.org.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2348-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
November 17, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : systemtap
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2010-4170 CVE-2010-4171 CVE-2011-2503 

Several vulnerabilities were discovered in SystemTap, an instrumentation 
system for Linux:

CVE-2011-2503

  It was discovered that a race condition in staprun could lead to
  privilege escalation.    

CVE-2010-4170

  It was discovered that insufficient validation of environment
  variables in staprun could lead to privilege escalation.

CVE-2010-4171

  It was discovered that insufficient validation of module unloading
  could lead to denial of service. 

For the stable distribution (squeeze), this problem has been fixed in
version 1.2-5+squeeze1.

For the unstable distribution (sid), this problem has been fixed in
version 1.6-1.

We recommend that you upgrade your systemtap packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk7JW6QACgkQXm3vHE4uylr00wCg3WpUzEYRfp8E/EsWgg6WQLNs
rKAAoM5Cql3iZOjQcfaEpVF0yC98rRcv
=wqcf
-----END PGP SIGNATURE-----
Screenshot

Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.

Screenshot

Project Spotlight

Kid3

An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.