User: Password:
Subscribe / Log in / New account

Fedora alert FEDORA-2010-17865 (systemtap)

Subject:  [SECURITY] Fedora 14 Update: systemtap-1.3-3.fc14
Date:  Fri, 19 Nov 2010 00:03:39 +0000
Message-ID:  <>
Archive-link:  Article, Thread

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-17865 2010-11-18 23:25:01 -------------------------------------------------------------------------------- Name : systemtap Product : Fedora 14 Version : 1.3 Release : 3.fc14 URL : Summary : Instrumentation System Description : SystemTap is an instrumentation system for systems running Linux 2.6. Developers can write instrumentation to collect data on the operation of the system. -------------------------------------------------------------------------------- Update Information: This refresh corrects two important security bugs in the /usr/bin/staprun program of the systemtap-runtime package. CVE-2010-4171 Ability to remove unused modules by unprivileged user CVE-2010-4170 Insecure loading of modules We would like to thank Tavis Ormandy for reporting this issue. -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 16 2010 David Smith <> - 1.3-3 - CVE-2010-4170 - CVE-2010-4171 -------------------------------------------------------------------------------- References: [ 1 ] Bug #653604 - CVE-2010-4170 Systemtap: Insecure loading of modules [ 2 ] Bug #653606 - CVE-2010-4171 Systemtap: Ability to remove unused modules by unprivileged user -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update systemtap' at the command line. For more information, refer to "Managing Software with yum", available at All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds