
registry team mailing list archive

[Bug 677226] [NEW] CVE-2010-4170 and CVE-2010-4171: staprun module loading/unloading security fixes

 

*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: systemtap

Two security problems have been found in the setuid-root
/usr/bin/staprun program [1]. The issues have been fixed upstream [2].
See CVE-2010-4170 and CVE-2010-4171.

[1] http://sources.redhat.com/ml/systemtap/2010-q4/msg00230.html
[2] http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=commit;h=b7565b41228bea196cefa3a7d43ab67f8f9152e2

** Affects: systemtap (Ubuntu)
     Importance: High
     Assignee: Lorenzo De Liso (blackz)
         Status: In Progress

** Affects: systemtap (Ubuntu Maverick)
     Importance: High
     Assignee: Lorenzo De Liso (blackz)
         Status: In Progress

** Affects: systemtap (Debian)
     Importance: Unknown
         Status: Unknown

** Visibility changed to: Public

** Changed in: systemtap (Ubuntu)
   Importance: Undecided => High

** Bug watch added: Debian Bug tracker #603946
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=603946

** Also affects: systemtap (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=603946
   Importance: Unknown
       Status: Unknown

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-4170

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-4171

** Also affects: systemtap (Ubuntu Maverick)
   Importance: Undecided
       Status: New

** Changed in: systemtap (Ubuntu Maverick)
   Importance: Undecided => High

** Changed in: systemtap (Ubuntu)
       Status: New => In Progress

** Changed in: systemtap (Ubuntu)
     Assignee: (unassigned) => Lorenzo De Liso (blackz)

** Changed in: systemtap (Ubuntu Maverick)
       Status: New => In Progress

** Changed in: systemtap (Ubuntu Maverick)
     Assignee: (unassigned) => Lorenzo De Liso (blackz)

-- 
CVE-2010-4170 and CVE-2010-4171: staprun module loading/unloading security fixes
https://bugs.launchpad.net/bugs/677226
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for Debian.


