debian-security-announce June 2011 archive

Re: [SECURITY] [DSA 2254-1] oprofile security update

From: Sean Rhea <srhea_at_nospam>
Date: Tue Jun 07 2011 - 20:45:36 GMT
To: debian-security@lists.debian.org

I just upgraded oprofile on all our machines.
Sean

On Sat, Jun 4, 2011 at 11:09 AM, Luciano Bello <luciano@debian.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - ---------------------------------------------------------------------------
> Debian Security Advisory DSA 2254-1                     security@debian.org
> http://www.debian.org/security/                               Luciano Bello
> June 3, 2011                             http://www.debian.org/security/faq
> - ---------------------------------------------------------------------------
>
> Package : oprofile
> Vulnerability : command injection
> Problem type : local
> Debian-specific: no
> Debian bug : 624212
> CVE ID : CVE-2011-1760
>
> OProfile is a performance profiling tool which is configurable by opcontrol, its
> control utility. Stephane Chauveau reported several ways to inject arbitrary
> commands in the arguments of this utility. If a local unprivileged user is
> authorized by sudoers file to run opcontrol as root, this user could use the
> flaw to escalate his privileges.
>
>
> For the oldstable distribution (lenny), this problem has been fixed in
> version 0.9.3-2+lenny1.
>
> For the stable distribution (squeeze), this problem has been fixed in
> version 0.9.6-1.1+squeeze1.
>
> For the testing distribution (wheezy), this problem has been fixed in
> version 0.9.6-1.2.
>
> For the unstable distribution (sid), this problem has been fixed in
> version 0.9.6-1.2.
>
> We recommend that you upgrade your oprofile packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
>
> iEYEARECAAYFAk3qdL0ACgkQHYflSXNkfP/FlACeJhDQcRMuQHvWHa25HnSdMECy
> T90An1FejDYdiCPVthcunO2YytGOzc6e
> =Weyj
> -----END PGP SIGNATURE-----
>
>
> --
> To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> Archive: http://lists.debian.org/20110604180901.GA31329@ngolde.de
>
>

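Added example, not part of the advisory or of this thread: a shell audit for the two conditions the advisory names, an oprofile package older than the fixed version for its release and a sudoers rule that lets a user run opcontrol. The function names are hypothetical, the version strings are the advisory's, and the sudoers parsing assumes one Cmnd_Alias per line with no backslash continuations.

```shell
#!/bin/sh
# Added example (not from the advisory): audit a host for the two conditions
# DSA 2254-1 names. Function names are hypothetical; versions are the advisory's.

# Fixed package version for each release listed in the advisory.
fixed_version() {
    case "$1" in
        lenny)      echo "0.9.3-2+lenny1" ;;
        squeeze)    echo "0.9.6-1.1+squeeze1" ;;
        wheezy|sid) echo "0.9.6-1.2" ;;
        *)          return 1 ;;
    esac
}

# is_fixed RELEASE VERSION: exit 0 if VERSION is at or above the fixed one.
is_fixed() {
    want=$(fixed_version "$1") || return 2
    dpkg --compare-versions "$2" ge "$want"
}

# sudo_grants FILE...: print sudoers rules that allow opcontrol, either by
# path or through a Cmnd_Alias that expands to it. Alias names are matched as
# substrings, so the audit may over-report but will not miss a rule for that.
sudo_grants() {
    awk '
        /^[ \t]*(#|$)/ { next }                     # comments, blank lines
        $1 == "Cmnd_Alias" {
            if ($0 ~ /opcontrol/) { split($2, a, "="); alias[a[1]] = 1 }
            next
        }
        $1 ~ /^(Defaults|User_Alias|Runas_Alias|Host_Alias)/ { next }
        { where[++n] = FILENAME ":" FNR; rule[n] = $0 }
        END {                                       # aliases may follow their use
            for (i = 1; i <= n; i++) {
                hit = (rule[i] ~ /opcontrol/)
                for (k in alias) if (index(rule[i], k)) hit = 1
                if (hit) print where[i] ": " rule[i]
            }
        }
    ' "$@"
}

# audit_host RELEASE: report package state and any opcontrol sudo rules.
audit_host() {
    fixed_version "$1" >/dev/null || { echo "unknown release: $1" >&2; return 2; }
    ver=$(dpkg-query -W -f='${Version}' oprofile 2>/dev/null) || ver=""
    if [ -z "$ver" ]; then echo "oprofile: not installed"
    elif is_fixed "$1" "$ver"; then echo "oprofile $ver: fixed"
    else echo "oprofile $ver: VULNERABLE, upgrade to $(fixed_version "$1")"
    fi
    sudo_grants /etc/sudoers /etc/sudoers.d/* 2>/dev/null
}
```

Run `audit_host squeeze` (or the matching release name) as root so the sudoers files are readable; rules that grant `ALL` commands are not listed because those users already hold root.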