systemtap -- several vulnerabilities

2011-11-17T00:00:00
ID DSA-2348
Type debian
Reporter Debian
Modified 2011-11-17T00:00:00

Description

Several vulnerabilities were discovered in SystemTap, an instrumentation system for Linux:

It was discovered that a race condition in staprun could lead to privilege escalation.

It was discovered that insufficient validation of environment variables in staprun could lead to privilege escalation.

It was discovered that insufficient validation of module unloading could lead to denial of service.

For the stable distribution (squeeze), this problem has been fixed in version 1.2-5+squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 1.6-1.

We recommend that you upgrade your systemtap packages.