Debian Security Advisory
DSA-2348-1 systemtap -- several vulnerabilities
- Date Reported:
- 17 Nov 2011
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2010-4170, CVE-2010-4171, CVE-2011-2503.
- More information:
Several vulnerabilities were discovered in SystemTap, an instrumentation system for Linux:
It was discovered that a race condition in staprun could lead to privilege escalation.
It was discovered that insufficient validation of environment variables in staprun could lead to privilege escalation.
It was discovered that insufficient validation of module unloading could lead to denial of service.
For the stable distribution (squeeze), this problem has been fixed in version 1.2-5+squeeze1.
For the unstable distribution (sid), this problem has been fixed in version 1.6-1.
We recommend that you upgrade your systemtap packages.