Bug 386289 - dev-util/systemtap: Unspecified vulnerability (CVE-2011-{1769,1781})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL:
Whiteboard: ~4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2011-10-08 13:32 UTC by GLSAMaker/CVETool Bot
Modified: 2011-10-08 13:53 UTC

See Also:
Package list:
Runtime testing required: ---


Description GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 13:32:25 UTC
CVE-2011-1781 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1781):
  SystemTap 1.4, when unprivileged (aka stapusr) mode is enabled, allows local
  users to cause a denial of service (divide-by-zero error and OOPS) via a
  crafted ELF program with DWARF expressions that are not properly handled by
  a stap script that performs stack unwinding (aka backtracing).


Please punt vulnerable ebuilds.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 13:35:45 UTC
CVE-2011-1769 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1769):
  SystemTap 1.4 and earlier, when unprivileged (aka stapusr) mode is enabled,
  allows local users to cause a denial of service (divide-by-zero error and
  OOPS) via a crafted ELF program with DWARF expressions that are not properly
  handled by a stap script that performs context variable access.
Comment 2 Sven Wegener gentoo-dev 2011-10-08 13:49:22 UTC
All ebuilds <1.6 have been removed.
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2011-10-08 13:53:18 UTC
Thanks, closing noglsa.