Summary: | <dev-util/systemtap-2.0: kernel panic when processing malformed DWARF unwind data (CVE-2012-0875) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Michael Harrison <n0idx80> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | swegener |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0875 | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 500728 | ||
Bug Blocks: |
Description
Michael Harrison
2012-02-22 22:56:19 UTC
CVE-2012-0875 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0875): SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged mode is enabled, allows local users to obtain sensitive information from kernel memory or cause a denial of service (kernel panic and crash) via vectors related to crafted DWARF data, which triggers a read of an invalid pointer. This is fixed upstream since release 2.0 (which contains commit [2]) All affected ebuilds removed from the tree. Maintainer(s), Thank you for cleanup! Security please Vote on GLSA GLSA vote: yes GLSA Vote: Yes Created a New GLSA request. This issue was resolved and addressed in GLSA 201406-04 at http://security.gentoo.org/glsa/glsa-201406-04.xml by GLSA coordinator Chris Reffett (creffett). |