*** This bug is a security vulnerability *** Public security bug reported:
Binary package hint: systemtap Two security problems have been found in the setuid-root /usr/bin/staprun program [1]. The issue have been fixed upstream [2]. See CVE-2010-4170 and CVE-2010-4171. [1] http://sources.redhat.com/ml/systemtap/2010-q4/msg00230.html [2] http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=commit;h=b7565b41228bea196cefa3a7d43ab67f8f9152e2 ** Affects: systemtap (Ubuntu) Importance: High Assignee: Lorenzo De Liso (blackz) Status: In Progress ** Affects: systemtap (Ubuntu Maverick) Importance: High Assignee: Lorenzo De Liso (blackz) Status: In Progress ** Affects: systemtap (Debian) Importance: Unknown Status: Unknown ** Visibility changed to: Public ** Changed in: systemtap (Ubuntu) Importance: Undecided => High ** Bug watch added: Debian Bug tracker #603946 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=603946 ** Also affects: systemtap (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=603946 Importance: Unknown Status: Unknown ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2010-4170 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2010-4171 ** Also affects: systemtap (Ubuntu Maverick) Importance: Undecided Status: New ** Changed in: systemtap (Ubuntu Maverick) Importance: Undecided => High ** Changed in: systemtap (Ubuntu) Status: New => In Progress ** Changed in: systemtap (Ubuntu) Assignee: (unassigned) => Lorenzo De Liso (blackz) ** Changed in: systemtap (Ubuntu Maverick) Status: New => In Progress ** Changed in: systemtap (Ubuntu Maverick) Assignee: (unassigned) => Lorenzo De Liso (blackz) -- CVE-2010-4170 and CVE-2010-4171: staprun module loading/unloading security fixes https://bugs.launchpad.net/bugs/677226 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
