-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-17865 2010-11-18 23:25:01 --------------------------------------------------------------------------------
Name : systemtap Product : Fedora 14 Version : 1.3 Release : 3.fc14 URL : http://sourceware.org/systemtap/ Summary : Instrumentation System Description : SystemTap is an instrumentation system for systems running Linux 2.6. Developers can write instrumentation to collect data on the operation of the system. -------------------------------------------------------------------------------- Update Information: This refresh corrects two important security bugs in the /usr/bin/staprun program of the systemtap-runtime package. CVE-2010-4171 Ability to remove unused modules by unprivileged user CVE-2010-4170 Insecure loading of modules We would like to thank Tavis Ormandy for reporting this issue. -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 16 2010 David Smith <[email protected]> - 1.3-3 - CVE-2010-4170 - CVE-2010-4171 -------------------------------------------------------------------------------- References: [ 1 ] Bug #653604 - CVE-2010-4170 Systemtap: Insecure loading of modules https://bugzilla.redhat.com/show_bug.cgi?id=653604 [ 2 ] Bug #653606 - CVE-2010-4171 Systemtap: Ability to remove unused modules by unprivileged user https://bugzilla.redhat.com/show_bug.cgi?id=653606 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update systemtap' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
