registry team mailing list archive
-
registry team
-
Mailing list archive
-
Message #28345
[Bug 677226] Re: CVE-2010-4170 and CVE-2010-4171: staprun module loading/unloading security fixes
Looking at
http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=commit;h=b7565b41228bea196cefa3a7d43ab67f8f9152e2
, one thing that's done that's missing from your debdiff is to install
staprun without world execute privileges and instead limit execution to
users in the stapusr group, to minimize the risk from future
vulnerabilities. Do you think you could add that?
--
CVE-2010-4170 and CVE-2010-4171: staprun module loading/unloading security fixes
https://bugs.launchpad.net/bugs/677226
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for Debian.
References