[oss-security] two systemtap flaws: CVE-2011-2502 and CVE-2011-2503

From: Vincent Danen <vdanen_at_nospam>
Date: Mon Jul 25 2011 - 23:01:42 GMT
To: oss-security@lists.openwall.com

This is just a heads up to notify those who are shipping systemtap that
two flaws were found that could allow members of group stapusr to
elevate their privileges:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2502
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2503

-- Vincent Danen / Red Hat Security Response Team

This message: [ Message body ]
Next message: Solar Designer: "Re: [oss-security] CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775)"
Previous message: Tim Brown: "Re: [oss-security] CVE Request: Input validation failure affecting multiple KDE applications, as well as many other Qt-based applications"
Next in thread: Tavis Ormandy: "[oss-security] Re: two systemtap flaws: CVE-2011-2502 and CVE-2011-2503"
Reply: Tavis Ormandy: "[oss-security] Re: two systemtap flaws: CVE-2011-2502 and CVE-2011-2503"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]