Synopsis: Moderate: systemtap security update
Issue date: 2009-03-26
CVE Names: CVE-2009-0784
A race condition was discovered in SystemTap that could allow users in the
stapusr group to elevate privileges to that of members of the stapdev group
(and hence root), bypassing directory confinement restrictions and allowing
them to insert arbitrary SystemTap kernel modules. (CVE-2009-0784)
SL 4.x
SRPMS:
systemtap-0.6.2-2.el4_7.src.rpm
i386:
systemtap-0.6.2-2.el4_7.i386.rpm
systemtap-runtime-0.6.2-2.el4_7.i386.rpm
systemtap-testsuite-0.6.2-2.el4_7.i386.rpm
x86_64:
systemtap-0.6.2-2.x86_64.rpm
systemtap-runtime-0.6.2-2.x86_64.rpm
systemtap-testsuite-0.6.2-2.x86_64.rpm
SL 5.x
SRPMS:
systemtap-0.7.2-3.el5_3.src.rpm
i386:
systemtap-0.7.2-3.el5_3.i386.rpm
systemtap-client-0.7.2-3.el5_3.i386.rpm
systemtap-runtime-0.7.2-3.el5_3.i386.rpm
systemtap-server-0.7.2-3.el5_3.i386.rpm
systemtap-testsuite-0.7.2-3.el5_3.i386.rpm
Dependancies:
elfutils-0.137-3.el5.i386.rpm
elfutils-devel-0.137-3.el5.i386.rpm
elfutils-devel-static-0.137-3.el5.i386.rpm
elfutils-libelf-0.137-3.el5.i386.rpm
elfutils-libelf-devel-0.137-3.el5.i386.rpm
elfutils-libelf-devel-static-0.137-3.el5.i386.rpm
elfutils-libs-0.137-3.el5.i386.rpm
x86_64:
systemtap-0.7.2-3.el5_3.x86_64.rpm
systemtap-client-0.7.2-3.el5_3.x86_64.rpm
systemtap-runtime-0.7.2-3.el5_3.x86_64.rpm
systemtap-server-0.7.2-3.el5_3.x86_64.rpm
systemtap-testsuite-0.7.2-3.el5_3.x86_64.rpm
Dependancies:
elfutils-0.137-3.el5.x86_64.rpm
elfutils-devel-0.137-3.el5.i386.rpm
elfutils-devel-0.137-3.el5.x86_64.rpm
elfutils-devel-static-0.137-3.el5.i386.rpm
elfutils-devel-static-0.137-3.el5.x86_64.rpm
elfutils-libelf-0.137-3.el5.i386.rpm
elfutils-libelf-0.137-3.el5.x86_64.rpm
elfutils-libelf-devel-0.137-3.el5.i386.rpm
elfutils-libelf-devel-0.137-3.el5.x86_64.rpm
elfutils-libelf-devel-static-0.137-3.el5.i386.rpm
elfutils-libelf-devel-static-0.137-3.el5.x86_64.rpm
elfutils-libs-0.137-3.el5.i386.rpm
elfutils-libs-0.137-3.el5.x86_64.rpm
-Connie Sieh
-Troy Dawson