Debian Security Advisory
DSA-2348-1 systemtap -- several vulnerabilities
- Date Reported:
- 17 Nov 2011
- Affected Packages:
- systemtap
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2010-4170, CVE-2010-4171, CVE-2011-2503.
- More information:
-
Several vulnerabilities were discovered in SystemTap, an instrumentation system for Linux:
- CVE-2011-2503
It was discovered that a race condition in staprun could lead to privilege escalation.
- CVE-2010-4170
It was discovered that insufficient validation of environment variables in staprun could lead to privilege escalation.
- CVE-2010-4171
It was discovered that insufficient validation of module unloading could lead to denial of service.
For the stable distribution (squeeze), this problem has been fixed in version 1.2-5+squeeze1.
For the unstable distribution (sid), this problem has been fixed in version 1.6-1.
We recommend that you upgrade your systemtap packages.
- CVE-2011-2503