-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-17868 2010-11-18 23:25:10 --------------------------------------------------------------------------------
Name : systemtap Product : Fedora 12 Version : 1.3 Release : 3.fc12 URL : http://sourceware.org/systemtap/ Summary : Instrumentation System Description : SystemTap is an instrumentation system for systems running Linux 2.6. Developers can write instrumentation to collect data on the operation of the system. -------------------------------------------------------------------------------- Update Information: This refresh corrects two important security bugs in the /usr/bin/staprun program of the systemtap-runtime package. CVE-2010-4171 Ability to remove unused modules by unprivileged user CVE-2010-4170 Insecure loading of modules We would like to thank Tavis Ormandy for reporting this issue. -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 16 2010 David Smith <[email protected]> - 1.3-3 - CVE-2010-4170 - CVE-2010-4171 * Wed Jul 21 2010 Josh Stone <[email protected]> - 1.3-2 - Disable crash on ppc. * Wed Jul 21 2010 Josh Stone <[email protected]> - 1.3-1 - Upstream release. * Mon Mar 22 2010 Frank Ch. Eigler <[email protected]> - 1.2-1 - Upstream release. * Mon Dec 21 2009 David Smith <[email protected]> - 1.1-1 - Upstream release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #653604 - CVE-2010-4170 Systemtap: Insecure loading of modules https://bugzilla.redhat.com/show_bug.cgi?id=653604 [ 2 ] Bug #653606 - CVE-2010-4171 Systemtap: Ability to remove unused modules by unprivileged user https://bugzilla.redhat.com/show_bug.cgi?id=653606 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update systemtap' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
