CVE-2010-4170 and CVE-2010-4171

Related Vulnerabilities: CVE-2010-4170, CVE-2010-4171

Debian Bug report logs - #603946
CVE-2010-4170 and CVE-2010-4171

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Thu, 18 Nov 2010 18:42:02 UTC

Severity: grave

Tags: security

Found in versions systemtap/1.3-1, systemtap/1.3-2

Fixed in versions systemtap/1.4-1, systemtap/1.2-3

Done: Ritesh Raj Sarraf <rrs@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Ritesh Raj Sarraf <rrs@debian.org>:
Bug#603946; Package systemtap. (Thu, 18 Nov 2010 18:42:04 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Ritesh Raj Sarraf <rrs@debian.org>. (Thu, 18 Nov 2010 18:42:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2010-4170 and CVE-2010-4171
Date: Thu, 18 Nov 2010 19:39:00 +0100
Package: systemtap
Severity: grave
Tags: security

Two security issues have been found in systemtap, one of them
allowing local privilege escalation:

http://sources.redhat.com/ml/systemtap/2010-q4/msg00230.html

These are CVE-2010-4170 and CVE-2010-4171.

Fix:
http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=commit;h=b7565b41228bea196cefa3a7d43ab67f8f9152e2


Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages systemtap depends on:
ii  libc6                         2.11.2-6   Embedded GNU C Library: Shared lib
ii  libelf1                       0.148-1    library to read and write ELF file
ii  libgcc1                       1:4.4.5-3  GCC support library
ii  libsqlite3-0                  3.7.2-1    SQLite 3 shared library
ii  libstdc++6                    4.4.5-3    The GNU Standard C++ Library v3
pn  systemtap-runtime             <none>     (no description available)

systemtap recommends no packages.

Versions of packages systemtap suggests:
pn  systemtap-doc                 <none>     (no description available)
pn  vim-addon-manager             <none>     (no description available)




Added tag(s) pending. Request was from Ritesh Raj Sarraf <rrs@debian.org> to control@bugs.debian.org. (Fri, 19 Nov 2010 13:21:09 GMT)


Reply sent to Ritesh Raj Sarraf <rrs@debian.org>:
You have taken responsibility. (Sat, 20 Nov 2010 06:21:03 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Sat, 20 Nov 2010 06:21:03 GMT)


Message #12 received at 603946-close@bugs.debian.org:

From: Ritesh Raj Sarraf <rrs@debian.org>
To: 603946-close@bugs.debian.org
Subject: Bug#603946: fixed in systemtap 1.2-3
Date: Sat, 20 Nov 2010 06:17:14 +0000
Source: systemtap
Source-Version: 1.2-3

We believe that the bug you reported is fixed in the latest version of
systemtap, which is due to be installed in the Debian FTP archive:

systemtap-client_1.2-3_amd64.deb
  to main/s/systemtap/systemtap-client_1.2-3_amd64.deb
systemtap-common_1.2-3_all.deb
  to main/s/systemtap/systemtap-common_1.2-3_all.deb
systemtap-doc_1.2-3_all.deb
  to main/s/systemtap/systemtap-doc_1.2-3_all.deb
systemtap-grapher_1.2-3_amd64.deb
  to main/s/systemtap/systemtap-grapher_1.2-3_amd64.deb
systemtap-runtime_1.2-3_amd64.deb
  to main/s/systemtap/systemtap-runtime_1.2-3_amd64.deb
systemtap-sdt-dev_1.2-3_all.deb
  to main/s/systemtap/systemtap-sdt-dev_1.2-3_all.deb
systemtap-server_1.2-3_amd64.deb
  to main/s/systemtap/systemtap-server_1.2-3_amd64.deb
systemtap_1.2-3.debian.tar.gz
  to main/s/systemtap/systemtap_1.2-3.debian.tar.gz
systemtap_1.2-3.dsc
  to main/s/systemtap/systemtap_1.2-3.dsc
systemtap_1.2-3_amd64.deb
  to main/s/systemtap/systemtap_1.2-3_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 603946@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ritesh Raj Sarraf <rrs@debian.org> (supplier of updated systemtap package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 19 Nov 2010 18:47:21 +0530
Source: systemtap
Binary: systemtap systemtap-common systemtap-runtime systemtap-doc systemtap-server systemtap-client systemtap-sdt-dev systemtap-grapher
Architecture: source amd64 all
Version: 1.2-3
Distribution: unstable
Urgency: high
Maintainer: Ritesh Raj Sarraf <rrs@debian.org>
Changed-By: Ritesh Raj Sarraf <rrs@debian.org>
Description: 
 systemtap  - instrumentation system for Linux 2.6
 systemtap-client - instrumentation system for Linux 2.6 (client for compile server)
 systemtap-common - instrumentation system for Linux 2.6 (common component)
 systemtap-doc - documentation and examples for SystemTap
 systemtap-grapher - instrumentation system for Linux 2.6 (grapher)
 systemtap-runtime - instrumentation system for Linux 2.6 (runtime component)
 systemtap-sdt-dev - statically defined probes development files
 systemtap-server - instrumentation system for Linux 2.6 (compile server)
Closes: 603946
Changes: 
 systemtap (1.2-3) unstable; urgency=high
 .
   * Fix CVE Vulnerability: CVE-2010-4170, CVE-2010-4171
     staprun module loading/unloading security fixes
     (Closes: #603946)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 19 Dec 2010 07:32:04 GMT)


Bug unarchived. Request was from Mahyuddin Susanto <udienz@ubuntu.com> to control@bugs.debian.org. (Sat, 19 Feb 2011 12:39:03 GMT)


Bug Marked as found in versions systemtap/1.3-2 and reopened. Request was from Mahyuddin Susanto <udienz@ubuntu.com> to control@bugs.debian.org. (Sat, 19 Feb 2011 12:39:03 GMT)


Bug Marked as found in versions systemtap/1.3-1. Request was from Mahyuddin Susanto <udienz@ubuntu.com> to control@bugs.debian.org. (Sat, 19 Feb 2011 12:39:04 GMT)


Bug Marked as fixed in versions systemtap/1.4-1. Request was from Ritesh Raj Sarraf <rrs@debian.org> to control@bugs.debian.org. (Sun, 27 Feb 2011 13:36:03 GMT)


Bug closed, send any further explanations to Moritz Muehlenhoff <jmm@debian.org>. Request was from Ritesh Raj Sarraf <rrs@debian.org> to control@bugs.debian.org. (Wed, 16 Mar 2011 09:03:05 GMT)


Message sent on to Moritz Muehlenhoff <jmm@debian.org>:
Bug#603946. (Wed, 16 Mar 2011 09:03:07 GMT)


Message #27 received at 603946-submitter@bugs.debian.org:

From: Ritesh Raj Sarraf <rrs@debian.org>
To: control@bugs.debian.org
Cc: 603946-submitter@bugs.debian.org
Subject: closing 603946
Date: Wed, 16 Mar 2011 14:31:28 +0530

# the bug is fixed in 1.4-1 which is now in testing/unstable
close 603946 
thanks
-- 
Ritesh Raj Sarraf
RESEARCHUT - http://www.researchut.com
"Necessity is the mother of invention."





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 14 Apr 2011 07:35:53 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:04:37 2019; Machine Name: beach