View Full Version : USN-476-1: redhat-cluster-suite vulnerability

June 26th, 2007, 10:30 PM
Referenced CVEs:

================================================== ========= Ubuntu Security Notice USN-476-1 June 22, 2007 redhat-cluster-suite vulnerability CVE-2007-3374 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.04: cman 2.20070315-0ubuntu2.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Fabio Massimo Di Nitto discovered that cman did not correctly validate the size of client messages. A local user could send a specially crafted message and execute arbitrary code with cluster manager privileges or crash the manager, leading to a denial of service.

More... (http://www.ubuntu.com/usn/usn-476-1)