| |||||||||||||||||||
Ubuntu alert USN-1166-1 (oprofile)
========================================================================== Ubuntu Security Notice USN-1166-1 July 11, 2011 oprofile vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 10.04 LTS Summary: OProfile could be made to run programs as an administrator. Software Description: - oprofile: System-wide profiler for Linux systems Details: Stephane Chauveau discovered that OProfile did not properly perform input validation when processing arguments to opcontrol. A local user who is allowed to run opcontrol with privileges could exploit this to run arbitrary commands as the privileged user. (CVE-2011-1760, CVE-2011-2471) Stephane Chauveau discovered a directory traversal vulnerability in OProfile when processing the --save argument to opcontrol. A local user could exploit this to overwrite arbitrary files with the privileges of the user invoking the program. (CVE-2011-2472) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 10.04 LTS: oprofile 0.9.6-1ubuntu4.4 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1166-1 CVE-2011-1760, CVE-2011-2471, CVE-2011-2472 Package Information: https://launchpad.net/ubuntu/+source/oprofile/0.9.6-1ubun... -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security... (Log in to post comments)
|
|||||||||||||||||||