1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 2193-1] libcgroup security update

    From Thijs Kinkhorst@1:229/2 to All on Wed Mar 16 22:20:01 2011
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-2193-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst
    March 16, 2011 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : libcgroup
    Vulnerability : several
    Problem type : local
    Debian-specific: no
    CVE ID : CVE-2011-1006 CVE-2011-1022
    Debian Bug : 615987

    Several issues have been discovered in libcgroup, a library to control
    and monitor control groups:

    CVE-2011-1006

    Heap-based buffer overflow by converting list of controllers for
    given task into an array of strings could lead to privilege
    escalation by a local attacker.

    CVE-2011-1022

    libcgroup did not properly check the origin of Netlink messages,
    allowing a local attacker to send crafted Netlink messages which
    could lead to privilege escalation.

    The oldstable distribution (lenny) does not contain libgroup packages.

    For the stable distribution (squeeze), this problem has been fixed in
    version 0.36.2-3+squeeze1.

    For the testing distribution (wheezy) and unstable distribution (sid),
    this problem will be fixed soon.

    We recommend that you upgrade your libcgroup packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.10 (GNU/Linux)

    iQEcBAEBAgAGBQJNgSa1AAoJEOxfUAG2iX577XUIAJP6D0PL63DYGPQCuOafRPF/ dIrmXVLztDsor2GmhkgNl1O7bDjAZ1I/TN/pjSjqZaRWUYCyNeUmk62+t+6PlZCz KEZgz92s6k0EzjEYSZw84hyaxp15neqwlGYxpX1cfOcpZEV2bN6+b9HEYoxZI2h5 fhBfFzVists0vquz15BoLMFEtjCPYODlPoc5zyZpmrAvLinl6xBzVJ6fHdDNB1yM tyBJCgWQ/Iu+XY2ntP/oJjFQ62Ztig/J94u6C2ixvyYUiOsUgLJspddjAQN5YFyW cgOEWnJhcqmWSPdyPuhblz/l4s2sR3ftPxnrxb0abtnPVJB41SO7h9PAc2UnRwU=
    =Is0K
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)