Synopsis: Important: libcgroup security update
Issue Date: 2011-03-03
CVE Numbers: CVE-2011-1006
—
CVE-2011-1022
The libcgroup packages provide tools and libraries to control and monitor
control groups.
A heap-based buffer overflow flaw was found in the way libcgroup converted
a list of user-provided controllers for a particular task into an array of
strings. A local attacker could use this flaw to escalate their privileges
via a specially-crafted list of controllers. (CVE-2011-1006)
It was discovered that libcgroup did not properly check the origin of
Netlink messages. A local attacker could use this flaw to send crafted
Netlink messages to the cgrulesengd daemon, causing it to put processes
into one or more existing control groups, based on the attacker’s choosing,
possibly allowing the particular tasks to run with more resources (memory,
CPU, etc.) than originally intended. (CVE-2011-1022)
Red Hat would like to thank Nelson Elhage for reporting the CVE-2011-1006
—
issue.
All libcgroup users should upgrade to these updated packages, which contain
backported patches to correct these issues.
—
SL6
x86_64
libcgroup-0.36.1-6.el6_0.1.i686.rpm
libcgroup-0.36.1-6.el6_0.1.x86_64.rpm
libcgroup-devel-0.36.1-6.el6_0.1.i686.rpm
libcgroup-devel-0.36.1-6.el6_0.1.x86_64.rpm
libcgroup-pam-0.36.1-6.el6_0.1.i686.rpm
libcgroup-pam-0.36.1-6.el6_0.1.x86_64.rpm
i386
libcgroup-0.36.1-6.el6_0.1.i686.rpm
libcgroup-devel-0.36.1-6.el6_0.1.i686.rpm
libcgroup-pam-0.36.1-6.el6_0.1.i686.rpm
– Scientific Linux Development Team
