USN-476-1: redhat-cluster-suite vulnerability

22 June 2007

redhat-cluster-suite vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 7.04

Software Description

Details

Fabio Massimo Di Nitto discovered that cman did not correctly validate the size of client messages. A local user could send a specially crafted message and execute arbitrary code with cluster manager privileges or crash the manager, leading to a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 7.04
cman - 2.20070315-0ubuntu2.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system upgrade is sufficient to effect the necessary changes.

References