Synopsis: Moderate: systemtap security update
Issue Date: 2011-07-25
CVE Numbers: CVE-2011-2503
—
SystemTap is an instrumentation system for systems running the Linux
kernel. The system allows developers to write scripts to collect data on
the operation of the system.
A race condition flaw was found in the way the staprun utility performed
module loading. A local user who is a member of the stapusr group could use
this flaw to modify a signed module while it is being loaded, allowing them
to escalate their privileges. (CVE-2011-2503)
SystemTap users should upgrade to these updated packages, which contain a
backported patch to correct this issue.
—
SL5
x86_64
systemtap-1.3-9.el5.x86_64.rpm
systemtap-client-1.3-9.el5.x86_64.rpm
systemtap-initscript-1.3-9.el5.x86_64.rpm
systemtap-runtime-1.3-9.el5.x86_64.rpm
systemtap-sdt-devel-1.3-9.el5.i386.rpm
systemtap-sdt-devel-1.3-9.el5.x86_64.rpm
systemtap-server-1.3-9.el5.x86_64.rpm
systemtap-testsuite-1.3-9.el5.x86_64.rpm
i386
systemtap-1.3-9.el5.i386.rpm
systemtap-client-1.3-9.el5.i386.rpm
systemtap-initscript-1.3-9.el5.i386.rpm
systemtap-runtime-1.3-9.el5.i386.rpm
systemtap-sdt-devel-1.3-9.el5.i386.rpm
systemtap-server-1.3-9.el5.i386.rpm
systemtap-testsuite-1.3-9.el5.i386.rpm
– Scientific Linux Development Team