Pardus alert 2011-64 (libcgroup pam_cgroups)

From:  Meltem Parmaksız <meltem@pardus.org.tr>
To:  pardus-security@pardus.org.tr
Subject:  [Pardus-security] [PLSA 2011-64] Libcgroup: Multiple Vulnerabilities
Date:  Fri, 8 Apr 2011 08:32:06 +0300
Message-ID:  <201104080832.06503.meltem@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-64           security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-04-07
  Severity: 3
      Type: Local
------------------------------------------------------------------------

Summary
=======

Multiple vulnerabilities have been fixed in libcgroup which can be used
by malicious people to execute code or lead to privilege escalation.


Description
===========

CVE-2011-1002: A heap-based buffer overflow flaw was found by Nelson
Elhage in libcgroup, the control groups control and monitoring
infrastructure. The flaw allows a local attacker to crash certain
executables or, potentially, to execute arbitrary code under a
privileged user account, root (privilege escalation).

CVE-2011-1006: libcgroup did not properly check the origin of Netlink
messages, allowing a local attacker to send crafted Netlink messages
which could lead to privilege escalation.


Affected packages:

  Pardus 2009:
    libcgroup, all before 0.36-3-2
    pam_cgroups, all before 0.36-3-2


Resolution
==========

There are update(s) for libcgroup, pam_cgroups. You can update them via
Package Manager or with a single command from console:

    pisi up libcgroup pam_cgroups


References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=17180

------------------------------------------------------------------------

_______________________________________________
Pardus-Security mailing list
Pardus-Security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security
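
The CVE-2011-1006 entry above describes a receiver that trusts any Netlink datagram it is handed. As an added example (not part of the advisory and not libcgroup's own patch), the following C code shows the usual receiver-side origin check: a Netlink message that really comes from the kernel carries sender port id 0 in its source address, so anything else is dropped. The function names are hypothetical.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/*
 * True only if the source address returned by recvfrom() identifies the
 * kernel: correct size, AF_NETLINK family, and port id (nl_pid) 0.
 * User-space senders always carry a non-zero port id.
 */
bool nl_sender_is_kernel(const struct sockaddr_nl *from, socklen_t fromlen)
{
    if (from == NULL || fromlen != sizeof(*from))
        return false;
    if (from->nl_family != AF_NETLINK)
        return false;
    return from->nl_pid == 0;
}

/*
 * Receive one Netlink datagram on fd (hypothetical wrapper).
 * Returns the datagram length, 0 if the datagram was discarded because
 * it did not originate from the kernel, or -1 on error (errno is set
 * by recvfrom()).
 */
ssize_t recv_from_kernel_only(int fd, void *buf, size_t len)
{
    struct sockaddr_nl from;
    socklen_t fromlen = sizeof(from);
    ssize_t n;

    memset(&from, 0, sizeof(from));
    n = recvfrom(fd, buf, len, 0, (struct sockaddr *)&from, &fromlen);
    if (n < 0)
        return -1;
    if (!nl_sender_is_kernel(&from, fromlen))
        return 0;   /* sent by a local process, not the kernel: ignore */
    return n;
}
```

A daemon that acts on kernel events would call the wrapper in its receive loop and parse the payload only when the return value is positive.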

