drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Eingabeprüfung in OProfile
Name: |
Mangelnde Eingabeprüfung in OProfile |
|
ID: |
FEDORA-2011-8087 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 14 |
|
Datum: |
Di, 26. Juli 2011, 15:14 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1760 |
|
Applikationen: |
OProfile |
|
Originalnachricht |
------------------------------------------------------------------------------- - Fedora Update Notification FEDORA-2011-8087 2011-06-10 12:43:11 ------------------------------------------------------------------------------- -
Name : oprofile Product : Fedora 14 Version : 0.9.6 Release : 21.fc14 URL : http://oprofile.sf.net Summary : System wide profiler Description : OProfile is a profiling system for systems running Linux. The profiling runs transparently during the background, and profile data can be collected at any time. OProfile makes use of the hardware performance counters provided on Intel P6, and AMD Athlon family processors, and can use the RTC for profiling on other x86 processor types.
See the HTML documentation for further details.
------------------------------------------------------------------------------- - Update Information:
When opcontrol was run by a normal user with sudo access it was possible for the user to craft options to opcontrol that would allow commands to be run with root privileges. ------------------------------------------------------------------------------- - ChangeLog:
* Tue Jun 7 2011 Will Cohen <wcohen@redhat.com> - 0.9.6-21 - Correct CVE-2011-1760. Resolves: rhbz #701508 * Tue Apr 5 2011 Will Cohen <wcohen@redhat.com> - 0.9.6-20 - Re-enable xenoprof patch. * Thu Mar 31 2011 Will Cohen <wcohen@redhat.com> - 0.9.6-19 - Provide oprofile-static. * Tue Mar 15 2011 Will Cohen <wcohen@redhat.com> - 0.9.6-18 - Clean up rpmlint complaints. * Tue Mar 15 2011 Will Cohen <wcohen@redhat.com> - 0.9.6-17 - Correct oprofile user information. * Thu Mar 10 2011 Will Cohen <wcohen@redhat.com> - 0.9.6-16 - Remove obsolete configure options. * Thu Mar 10 2011 Will Cohen <wcohen@redhat.com> - 0.9.6-15 - Use QT4. * Fri Feb 25 2011 Will Cohen <wcohen@redhat.com> - 0.9.6-14 - Add processors models for Intel westmere and core i7. * Wed Feb 9 2011 Will Cohen <wcohen@redhat.com> - 0.9.6-12 - Eliminate illegal mutable use. * Tue Feb 8 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.6-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Thu Jan 6 2011 Will Cohen <wcohen@redhat.com> - 0.9.6-10 - Corrections for i386/arch_perfmon filters. - Make nehalem events available. - Add AMD family 12/14/15h support. - Add Intel westemere support. - opcontrol numeric argument checking. ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #701508 - CVE-2011-1760 oprofile: Local privilege escalation via crafted opcontrol event parameter [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=701508 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update oprofile' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|