Package name
systemtap
Date
2011-10-17
Advisory ID
MDVSA-2011:155
Affected versions
2011 i586 , 2011 x86_64

Problem description

Multiple vulnerabilities has been discovered and corrected in
systemtap:

SystemTap 1.4 and earlier, when unprivileged (aka stapusr)
mode is enabled, allows local users to cause a denial of service
(divide-by-zero error and OOPS) via a crafted ELF program with DWARF
expressions that are not properly handled by a stap script that
performs context variable access (CVE-2011-1769).

SystemTap 1.4, when unprivileged (aka stapusr) mode is enabled,
allows local users to cause a denial of service (divide-by-zero error
and OOPS) via a crafted ELF program with DWARF expressions that are
not properly handled by a stap script that performs stack unwinding
(aka backtracing) (CVE-2011-1781).

The updated packages have been patched to correct these issues.

Updated packages

2011 i586

 67ba5bb61a22be13c4733ec7a55c69d6  2011/i586/systemtap-1.4-1.1-mdv2011.0.i586.rpm 
 8111bc0afc62a289f80a7c59c230d534  2011/SRPMS/systemtap-1.4-1.1.src.rpm

2011 x86_64

 ed96532b46d31ccd56e8738685ef9e90  2011/x86_64/systemtap-1.4-1.1-mdv2011.0.x86_64.rpm 
 8111bc0afc62a289f80a7c59c230d534  2011/SRPMS/systemtap-1.4-1.1.src.rpm

References