Scientific Linux SL5.x: mcstrans Low Severity Update for CVE-2007-4570

Nov 13, 2007 •

LinuxSecurity Advisories

1 min read

Scientific Large Esm H500

Topics Covered

security advisory denial of service update mcstrans Scientific Linux

Low: mcstrans security and bug fix update

Date:         Tue, 13 Nov 2007 16:55:21 -0600
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux

From:         Troy Dawson 
Subject:      Security ERRATA for mcstrans on SL5.x i386/x86_64
Comments: To: This email address is being protected from spambots. You need JavaScript enabled to view it.

Synopsis:	Low: mcstrans security and bug fix update
Issue date:	2007-11-07
CVE Names:	CVE-2007-4570

An algorithmic complexity weakness was found in the way the mcstrans 
daemon handled ranges of compartments in sensitivity labels. A local 
user could trigger this flaw causing mctransd to temporarily stop 
responding to other requests; a partial denial of service.  (CVE-2007-4570)

This update also fixes a problem where the mcstrans daemon was 
preventing SSH connections into an SELinux box, that was running a 
Multi-Level Security (MLS) Policy with multiple categories

SL 5.x

   SRPMS:
mcstrans-0.2.6-1.el5.src.rpm
   i386:
mcstrans-0.2.6-1.el5.i386.rpm
   x86_64:
mcstrans-0.2.6-1.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson

Powered By

Linux Security Footer

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Your message here