Scientific Linux SL4.x Security Update: libgtop2 Moderate Risk

Aug 08, 2007 •

LinuxSecurity Advisories

1 - 2 min read

Scientific Large Esm H500

Topics Covered

security advisory moderate arbitrary code execution libgtop2 scientific linux

Moderate: libgtop2 security update

Date: Wed, 8 Aug 2007 14:58:00 -0500
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux

From: Troy Dawson 
Subject: Security ERRATA for libgtop2 on SL4.x i386/x86_64
Comments: To: This email address is being protected from spambots. You need JavaScript enabled to view it.

Synopsis:	Moderate: libgtop2 security update
Issue date:	2007-08-07
CVE Names:	CVE-2007-0235

A flaw was found in the way libgtop2 handled long filenames mapped
into the address space of a process. An attacker could execute arbitrary
code on behalf of the user running gnome-system-monitor by executing a
process and mapping a file with a specially crafted name into the
processes' address space. (CVE-2007-0235)

This update also fixes the following bug:

* when a version of libgtop2 compiled to run on a 32-bit architecture was
used to inspect a process running in 64-bit mode, it failed to report
certain information regarding address space mapping correctly.

SL 4.x

 SRPMS:
	libgtop2-2.8.0-1.0.2.src.rpm
 i386:
	libgtop2-2.8.0-1.0.2.i386.rpm
	libgtop2-devel-2.8.0-1.0.2.i386.rpm
 x86_64:
	libgtop2-2.8.0-1.0.2.i386.rpm
	libgtop2-2.8.0-1.0.2.x86_64.rpm
	libgtop2-devel-2.8.0-1.0.2.x86_64.rpm

-Connie Sieh
-Troy Dawson

Powered By

Linux Security Footer

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Your message here