Bug#603946: marked as done (CVE-2010-4170 and CVE-2010-4171)

Debian Bug Tracking System Fri, 19 Nov 2010 22:21:28 -0800

Your message dated Sat, 20 Nov 2010 06:17:14 +0000
with message-id <e1pjgl8-0002vb...@franck.debian.org>
and subject line Bug#603946: fixed in systemtap 1.2-3
has caused the Debian Bug report #603946,
regarding CVE-2010-4170 and CVE-2010-4171
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
603946: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=603946
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: systemtap
Severity: grave
Tags: security

Two security issues have been found in systemtap, one of them
allowing local privilege escalation:

http://sources.redhat.com/ml/systemtap/2010-q4/msg00230.html

These are CVE-2010-4170 and CVE-2010-4171.

Fix:
http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=commit;h=b7565b41228bea196cefa3a7d43ab67f8f9152e2


Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages systemtap depends on:
ii  libc6                         2.11.2-6   Embedded GNU C Library: Shared lib
ii  libelf1                       0.148-1    library to read and write ELF file
ii  libgcc1                       1:4.4.5-3  GCC support library
ii  libsqlite3-0                  3.7.2-1    SQLite 3 shared library
ii  libstdc++6                    4.4.5-3    The GNU Standard C++ Library v3
pn  systemtap-runtime             <none>     (no description available)

systemtap recommends no packages.

Versions of packages systemtap suggests:
pn  systemtap-doc                 <none>     (no description available)
pn  vim-addon-manager             <none>     (no description available)

--- End Message ---

--- Begin Message ---

Source: systemtap
Source-Version: 1.2-3

We believe that the bug you reported is fixed in the latest version of
systemtap, which is due to be installed in the Debian FTP archive:

systemtap-client_1.2-3_amd64.deb
  to main/s/systemtap/systemtap-client_1.2-3_amd64.deb
systemtap-common_1.2-3_all.deb
  to main/s/systemtap/systemtap-common_1.2-3_all.deb
systemtap-doc_1.2-3_all.deb
  to main/s/systemtap/systemtap-doc_1.2-3_all.deb
systemtap-grapher_1.2-3_amd64.deb
  to main/s/systemtap/systemtap-grapher_1.2-3_amd64.deb
systemtap-runtime_1.2-3_amd64.deb
  to main/s/systemtap/systemtap-runtime_1.2-3_amd64.deb
systemtap-sdt-dev_1.2-3_all.deb
  to main/s/systemtap/systemtap-sdt-dev_1.2-3_all.deb
systemtap-server_1.2-3_amd64.deb
  to main/s/systemtap/systemtap-server_1.2-3_amd64.deb
systemtap_1.2-3.debian.tar.gz
  to main/s/systemtap/systemtap_1.2-3.debian.tar.gz
systemtap_1.2-3.dsc
  to main/s/systemtap/systemtap_1.2-3.dsc
systemtap_1.2-3_amd64.deb
  to main/s/systemtap/systemtap_1.2-3_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 603...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ritesh Raj Sarraf <r...@debian.org> (supplier of updated systemtap package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 19 Nov 2010 18:47:21 +0530
Source: systemtap
Binary: systemtap systemtap-common systemtap-runtime systemtap-doc 
systemtap-server systemtap-client systemtap-sdt-dev systemtap-grapher
Architecture: source amd64 all
Version: 1.2-3
Distribution: unstable
Urgency: high
Maintainer: Ritesh Raj Sarraf <r...@debian.org>
Changed-By: Ritesh Raj Sarraf <r...@debian.org>
Description: 
 systemtap  - instrumentation system for Linux 2.6
 systemtap-client - instrumentation system for Linux 2.6 (client for compile 
server)
 systemtap-common - instrumentation system for Linux 2.6 (common component)
 systemtap-doc - documentation and examples for SystemTap
 systemtap-grapher - instrumentation system for Linux 2.6 (grapher)
 systemtap-runtime - instrumentation system for Linux 2.6 (runtime component)
 systemtap-sdt-dev - statically defined probes development files
 systemtap-server - instrumentation system for Linux 2.6 (compile server)
Closes: 603946
Changes: 
 systemtap (1.2-3) unstable; urgency=high
 .
   * Fix CVE Vulnerability: CVE-2010-4170, CVE-2010-4171
     staprun module loading/unloading security fixes
     (Closes: #603946)
Checksums-Sha1: 
 f2f0bff87742aa37dcb67abb4e3d936b70dc0081 2308 systemtap_1.2-3.dsc
 9c172d21e2519a7deb5757ad99e7e6308726c29f 27394 systemtap_1.2-3.debian.tar.gz
 1258bbdf3d78837eda4d2c0306336ce1d2fc12e8 636120 systemtap_1.2-3_amd64.deb
 2d83e78ff24f136572dddc47d5b8fe78e08cb19d 410990 systemtap-common_1.2-3_all.deb
 6733ca71e060b0abcd73e1f95ca00c03e72af2c7 64114 
systemtap-runtime_1.2-3_amd64.deb
 2472500d9ed1fcccf6f7c534c7e5a8acfb2d4ca0 867196 systemtap-doc_1.2-3_all.deb
 678c01a24f5264305399b07c50da56c01de29361 62606 systemtap-server_1.2-3_amd64.deb
 ec16dca99a92afd89e50e45f0b61f7cd89b76f31 41350 systemtap-client_1.2-3_amd64.deb
 9a24b1d5dec9caff2b20441313646f1cdf360d6c 20090 systemtap-sdt-dev_1.2-3_all.deb
 280e0631f0c2389e8ce0a03afa52bea0fd1d5cb6 121260 
systemtap-grapher_1.2-3_amd64.deb
Checksums-Sha256: 
 05ea84fb4546c13652093c140a08f694785c28ce195978cd4271b08b846b4d97 2308 
systemtap_1.2-3.dsc
 5a5826cb98782a43577989050c4953312e697874c2ba8d758e521e5d4ea2cf86 27394 
systemtap_1.2-3.debian.tar.gz
 2c8eb066cb6575de0c92f9b3cdd904c03b1f9f2c8d58c0e91cd995a76b329b6b 636120 
systemtap_1.2-3_amd64.deb
 56d637909ae5370aebdb261174994d9a7fa2233fa2516af606bbf1f934868e2d 410990 
systemtap-common_1.2-3_all.deb
 1cd5abdd91ba5b07a93b433b6be619f7f02350f1f21f7a510e915e3ca5f39339 64114 
systemtap-runtime_1.2-3_amd64.deb
 c0acf74a6fa7d0a28fbd05cb363288a09573a2a19fc0da790136ab2c474d2f52 867196 
systemtap-doc_1.2-3_all.deb
 99d7836af3cc7e15a751e383d55d3f5e823acc28b8b05dd6a4aed12b36d04124 62606 
systemtap-server_1.2-3_amd64.deb
 3a39945d2423735cb253dc0a2dc7878b7f854fd7a2d7ff19793a783f867cc462 41350 
systemtap-client_1.2-3_amd64.deb
 b38a3e86358ae289247e3a80e66bb54a00c5f85d8db67b7ea955236ab706a0ac 20090 
systemtap-sdt-dev_1.2-3_all.deb
 7ea551b4a7f7c4f182ca7936252cf41593861c0e5d0a34d04d9330dcf693258e 121260 
systemtap-grapher_1.2-3_amd64.deb
Files: 
 f4bde84293dfb9b207f7e0b504628db3 2308 devel optional systemtap_1.2-3.dsc
 66acaf977718d364ce40811c2df18a06 27394 devel optional 
systemtap_1.2-3.debian.tar.gz
 28b60666f68d453cf71c2eb2eccfe19e 636120 devel optional 
systemtap_1.2-3_amd64.deb
 08a28d6827086911bb0dc67fe60692d1 410990 devel optional 
systemtap-common_1.2-3_all.deb
 229b024a540e1f8d2b7c5d28a889c99c 64114 devel optional 
systemtap-runtime_1.2-3_amd64.deb
 7838de7e7e99cb99d7fe2cd6648257ab 867196 doc optional 
systemtap-doc_1.2-3_all.deb
 6fe7cd4b3e6817a80cfd74084ff36d30 62606 devel optional 
systemtap-server_1.2-3_amd64.deb
 c33f9aa24c5516fa0f2b742dc238ac67 41350 devel optional 
systemtap-client_1.2-3_amd64.deb
 48bc7656127f0a98a8aa244555d449ed 20090 devel optional 
systemtap-sdt-dev_1.2-3_all.deb
 9135435cd4a93a2e57a7c7c63f0dbd56 121260 devel optional 
systemtap-grapher_1.2-3_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBCgAGBQJM52IPAAoJEKY6WKPy4XVpy4EP/2yPnNp5MsMMdORtBu7rmqMg
1f/MHvPav5EaBXbinYT5N8qcRn614mJcTZMGBPqt8bQnUiZdUQixjzEOKWnKPj6J
AjRwGGi2olQIQo9Cl29UoXe/waLCxp6wKzYI++BHXCqn0SrOfRTRhMi3L/pukQBF
nRFCEkkixLEa5UDBLMzao2Udwp98xFzhRch6G4ZfKKJZakSlmJR+Fh2qSI1VgCQh
e7ZQz0uEgDpgcxZkxHprAvDPtRzJhxfuAarCMZC+uIMcAROa94GreD1r91ZW36Yr
Lp7CVRmjSHlrZI2gAgNknQCG6KxH/4PSKyxcoB7VKtgPNOXseYh4N6qyuZ7EX+WZ
sOu5WqPXtMzrQ9qMLq431Iahm+HJWCP2FBQ68S8ZEEeyNxmNKLqo2+ZNmciIynjw
Ix/P5SgrBkVcN7jju2qMMDVxpl2XbpZWTK5rkNbXZuHL5lcvJSESA9/TPjietvDN
bfLO8VKlLGa8ZY0wIWjvOb+BUnbLKZ8pxVhXNSOVtG6zEbVFnHbS1STy2ODawxQW
ZmjEluCUMv6FvsbjDSv9yBukSZ5jBr42IrFlLPtz8eA7vOHqYY+/Lr16G+Q+6u9X
+iaMNlhWcztpDv+RRzXyhuViwcDp8cMiDpkgLnGOJLjFcIZkz7fH1wH50E8Pu8UP
iC8qvD+0bQfXCmI68W1J
=M0o7
-----END PGP SIGNATURE-----

--- End Message ---

Bug#603946: marked as done (CVE-2010-4170 and CVE-2010-4171)

Reply via email to