Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 386289

Summary: dev-util/systemtap: Unspecified vulnerability (CVE-2011-{1769,1781})
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: swegener
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 13:32:25 UTC 
CVE-2011-1781 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1781):
  SystemTap 1.4, when unprivileged (aka stapusr) mode is enabled, allows local
  users to cause a denial of service (divide-by-zero error and OOPS) via a
  crafted ELF program with DWARF expressions that are not properly handled by
  a stap script that performs stack unwinding (aka backtracing).


Please punt vulnerable ebuilds.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 13:35:45 UTC 
CVE-2011-1769 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1769):
  SystemTap 1.4 and earlier, when unprivileged (aka stapusr) mode is enabled,
  allows local users to cause a denial of service (divide-by-zero error and
  OOPS) via a crafted ELF program with DWARF expressions that are not properly
  handled by a stap script that performs context variable access.
Comment 2 Sven Wegener gentoo-dev 2011-10-08 13:49:22 UTC 
All ebuilds <1.6 have been removed.
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2011-10-08 13:53:18 UTC 
Thanks, closing noglsa.