Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Tue, 30 Aug 2011 11:46:31 -0500 Reply-To: Troy DawsonSender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA Moderate: systemtap on SL5.x i386/x86_64 Comments: To: " This email address is being protected from spambots. You need JavaScript enabled to view it. "MIME-Version: 1.0 Synopsis: Moderate: systemtap security update Issue date: 2011-07-25 CVE Names: CVE-2011-2503 SystemTap is an instrumentation system for systems running the Linux kernel. The system allows developers to write scripts to collect data on the operation of the system. A race condition flaw was found in the way the staprun utility performed module loading. A local user who is a member of the stapusr group could use this flaw to modify a signed module while it is being loaded, allowing them to escalate their privileges. (CVE-2011-2503) SystemTap users should upgrade to these updated packages, which contain a backported patch to correct this issue SL 5.x SRPMS: systemtap-1.3-9.el5.src.rpm i386: systemtap-1.3-9.el5.i386.rpm systemtap-client-1.3-9.el5.i386.rpm systemtap-initscript-1.3-9.el5.i386.rpm systemtap-runtime-1.3-9.el5.i386.rpm systemtap-sdt-devel-1.3-9.el5.i386.rpm systemtap-server-1.3-9.el5.i386.rpm systemtap-testsuite-1.3-9.el5.i386.rpm x86_64: systemtap-1.3-9.el5.x86_64.rpm systemtap-client-1.3-9.el5.x86_64.rpm systemtap-initscript-1.3-9.el5.x86_64.rpm systemtap-runtime-1.3-9.el5.x86_64.rpm systemtap-sdt-devel-1.3-9.el5.i386.rpm systemtap-sdt-devel-1.3-9.el5.x86_64.rpm systemtap-server-1.3-9.el5.x86_64.rpm systemtap-testsuite-1.3-9.el5.x86_64.rpm - Scientific Linux Development Team lastline