Ubuntu Security Notice USN-476-1 June 22, 2007==========20================================================= redhat-cluster-suite vulnerability https://launchpad.net/bugs/121780 ========================================================== A security issue affects the following Ubuntu releases:
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 7.04: cman 2.20070315-0ubuntu2.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Fabio Massimo Di Nitto discovered that cman did not correctly validate the size of client messages. A local user could send a specially crafted message and execute arbitrary code with cluster manager privileges or crash the manager, leading to a denial of service.