 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Fri, 4 Mar 2011 15:33:09 -0600 |
| Content-Type: | text/plain |
| Parts/Attachments: |
|
|
Synopsis: Important: libcgroup security update
Issue date: 2011-03-03
CVE Names: CVE-2011-1006 CVE-2011-1022
A heap-based buffer overflow flaw was found in the way libcgroup
converted a list of user-provided controllers for a particular task into
an array of strings. A local attacker could use this flaw to escalate
their privileges via a specially-crafted list of controllers.
(CVE-2011-1006)
It was discovered that libcgroup did not properly check the origin of
Netlink messages. A local attacker could use this flaw to send crafted
Netlink messages to the cgrulesengd daemon, causing it to put processes
into one or more existing control groups, based on the attacker's
choosing, possibly allowing the particular tasks to run with more
resources (memory, CPU, etc.) than originally intended. (CVE-2011-1022)
SL 6.x
SRPMS:
libcgroup-0.36.1-6.el6_0.1.src.rpm
i386:
libcgroup-0.36.1-6.el6_0.1.i686.rpm
libcgroup-devel-0.36.1-6.el6_0.1.i686.rpm
libcgroup-pam-0.36.1-6.el6_0.1.i686.rpm
x86_64:
libcgroup-0.36.1-6.el6_0.1.i686.rpm
libcgroup-0.36.1-6.el6_0.1.x86_64.rpm
libcgroup-devel-0.36.1-6.el6_0.1.i686.rpm
libcgroup-devel-0.36.1-6.el6_0.1.x86_64.rpm
libcgroup-pam-0.36.1-6.el6_0.1.i686.rpm
libcgroup-pam-0.36.1-6.el6_0.1.x86_64.rpm
-Connie Sieh
-Troy Dawson
|
|
|
