The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted message.
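
The check the description says was missing, as an added example (not code from libcgroup or from any of the referenced patches): a netlink receiver that takes the sender address from `recvfrom()` and drops any datagram whose netlink port id is not 0, the id the kernel uses. The names `nl_sender_is_kernel` and `recv_kernel_netlink` are hypothetical, and the addresses in `main()` are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <linux/netlink.h>

/* Returns 1 only when the sender address is a full netlink address with
 * nl_pid == 0 (the kernel). User-space netlink sockets have a nonzero nl_pid. */
int nl_sender_is_kernel(const struct sockaddr_nl *from, socklen_t from_len)
{
    if (from == NULL || from_len != sizeof(*from))
        return 0;                       /* missing or truncated address */
    if (from->nl_family != AF_NETLINK)
        return 0;                       /* not a netlink peer at all */
    return from->nl_pid == 0;
}

/* Receives one datagram. Returns its length when it came from the kernel,
 * 0 when it was dropped (or empty), and -1 on a recvfrom() error. */
ssize_t recv_kernel_netlink(int sock, void *buf, size_t buf_len)
{
    struct sockaddr_nl from;
    socklen_t from_len = sizeof(from);
    ssize_t n;

    memset(&from, 0, sizeof(from));
    /* recvfrom(), unlike plain recv(), reports who sent the message. */
    n = recvfrom(sock, buf, buf_len, 0, (struct sockaddr *)&from, &from_len);
    if (n < 0)
        return -1;
    if (!nl_sender_is_kernel(&from, from_len))
        return 0;                       /* untrusted sender: do not parse */
    return n;
}

int main(void)
{
    struct sockaddr_nl kernel_addr, user_addr;   /* constructed samples */

    memset(&kernel_addr, 0, sizeof(kernel_addr));
    kernel_addr.nl_family = AF_NETLINK;          /* nl_pid stays 0 */
    user_addr = kernel_addr;
    user_addr.nl_pid = 4242;                     /* a local process */

    printf("kernel sender accepted: %d\n",
           nl_sender_is_kernel(&kernel_addr, sizeof(kernel_addr)));
    printf("user sender accepted:   %d\n",
           nl_sender_is_kernel(&user_addr, sizeof(user_addr)));
    return 0;
}
```
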
bugs.debian.org/cgi-bin/bugreport.cgi?bug=615987
lists.opensuse.org/opensuse-updates/2011-04/msg00027.html
openwall.com/lists/oss-security/2011/02/25/11
openwall.com/lists/oss-security/2011/02/25/12
openwall.com/lists/oss-security/2011/02/25/14
openwall.com/lists/oss-security/2011/02/25/6
openwall.com/lists/oss-security/2011/02/25/9
secunia.com/advisories/43611
secunia.com/advisories/43758
secunia.com/advisories/43891
secunia.com/advisories/44093
sourceforge.net/mailarchive/message.php?msg_id=26598749
sourceforge.net/mailarchive/message.php?msg_id=27102603
sourceforge.net/projects/libcg/files/libcgroup/v0.37.1/libcgroup-0.37.1.tar.bz2/download
www.debian.org/security/2011/dsa-2193
www.redhat.com/support/errata/RHSA-2011-0320.html
www.securityfocus.com/bid/46578
www.securitytracker.com/id?1025157
www.vupen.com/english/advisories/2011/0679
www.vupen.com/english/advisories/2011/0774
bugzilla.redhat.com/show_bug.cgi?id=680409
lists.fedoraproject.org/pipermail/package-announce/2011-March/056683.html
lists.fedoraproject.org/pipermail/package-announce/2011-March/056734.html