Two privilege escalation issues (CVE-2011-2502 and CVE-2011-2503)

Related Vulnerabilities: CVE-2011-2502, CVE-2011-2503, CVE-2011-1769, CVE-2011-1781

Debian Bug report logs - #635542


Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Tue, 26 Jul 2011 20:27:01 UTC

Severity: grave

Tags: security

Fixed in version systemtap/1.6-1

Done: Ritesh Raj Sarraf <rrs@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Ritesh Raj Sarraf <rrs@debian.org>:
Bug#635542; Package systemtap. (Tue, 26 Jul 2011 20:27:04 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Ritesh Raj Sarraf <rrs@debian.org>. (Tue, 26 Jul 2011 20:27:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Two privilege escalation issues (CVE-2011-2502 and CVE-2011-2503)
Date: Tue, 26 Jul 2011 22:25:15 +0200
Package: systemtap
Severity: grave
Tags: security

Please see 
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2502
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2503
for details and patches.

Cheers,
        Moritz

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash




Reply sent to Ritesh Raj Sarraf <rrs@debian.org>:
You have taken responsibility. (Fri, 29 Jul 2011 11:06:34 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Fri, 29 Jul 2011 11:06:52 GMT)


Message #10 received at 635542-close@bugs.debian.org:

From: Ritesh Raj Sarraf <rrs@debian.org>
To: 635542-close@bugs.debian.org
Subject: Bug#635542: fixed in systemtap 1.6-1
Date: Fri, 29 Jul 2011 11:04:09 +0000
Source: systemtap
Source-Version: 1.6-1

We believe that the bug you reported is fixed in the latest version of
systemtap, which is due to be installed in the Debian FTP archive:

systemtap-client_1.6-1_amd64.deb
  to main/s/systemtap/systemtap-client_1.6-1_amd64.deb
systemtap-common_1.6-1_all.deb
  to main/s/systemtap/systemtap-common_1.6-1_all.deb
systemtap-doc_1.6-1_all.deb
  to main/s/systemtap/systemtap-doc_1.6-1_all.deb
systemtap-grapher_1.6-1_amd64.deb
  to main/s/systemtap/systemtap-grapher_1.6-1_amd64.deb
systemtap-runtime_1.6-1_amd64.deb
  to main/s/systemtap/systemtap-runtime_1.6-1_amd64.deb
systemtap-sdt-dev_1.6-1_all.deb
  to main/s/systemtap/systemtap-sdt-dev_1.6-1_all.deb
systemtap-server_1.6-1_amd64.deb
  to main/s/systemtap/systemtap-server_1.6-1_amd64.deb
systemtap_1.6-1.debian.tar.gz
  to main/s/systemtap/systemtap_1.6-1.debian.tar.gz
systemtap_1.6-1.dsc
  to main/s/systemtap/systemtap_1.6-1.dsc
systemtap_1.6-1_amd64.deb
  to main/s/systemtap/systemtap_1.6-1_amd64.deb
systemtap_1.6.orig.tar.gz
  to main/s/systemtap/systemtap_1.6.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 635542@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ritesh Raj Sarraf <rrs@debian.org> (supplier of updated systemtap package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Fri, 29 Jul 2011 15:59:14 +0530
Source: systemtap
Binary: systemtap systemtap-common systemtap-runtime systemtap-doc systemtap-server systemtap-client systemtap-sdt-dev systemtap-grapher
Architecture: source amd64 all
Version: 1.6-1
Distribution: unstable
Urgency: low
Maintainer: Ritesh Raj Sarraf <rrs@debian.org>
Changed-By: Ritesh Raj Sarraf <rrs@debian.org>
Description: 
 systemtap  - instrumentation system for Linux 2.6
 systemtap-client - instrumentation system for Linux 2.6 (client for compile server)
 systemtap-common - instrumentation system for Linux 2.6 (common component)
 systemtap-doc - documentation and examples for SystemTap
 systemtap-grapher - instrumentation system for Linux 2.6 (grapher)
 systemtap-runtime - instrumentation system for Linux 2.6 (runtime component)
 systemtap-sdt-dev - statically defined probes development files
 systemtap-server - instrumentation system for Linux 2.6 (compile server)
Closes: 625414 628819 635542
Changes: 
 systemtap (1.6-1) unstable; urgency=low
 .
   [ Lucas Nussbaum ]
   * Refresh all patches.
 .
   [ Ritesh Raj Sarraf ]
   * [ab3b78a] Imported Upstream version 1.6
   * New upstream release (Closes: #625414, #635542, #628819)
     - Fixes vulnerability: CVE-2011-1769, CVE-2011-1781, CVE-2011-2502
       and CVE-2011-2503





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 06 Sep 2011 07:35:48 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:58:46 2019; Machine Name: buxtehude
