USN-476-1: redhat-cluster-suite vulnerability

Ubuntu Security Notice USN-476-1

22nd June, 2007

redhat-cluster-suite vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 7.04

Details

Fabio Massimo Di Nitto discovered that cman did not correctly validate
the size of client messages. A local user could send a specially crafted
message and execute arbitrary code with cluster manager privileges or
crash the manager, leading to a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 7.04:
cman 2.20070315-0ubuntu2.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system upgrade is sufficient to effect the
necessary changes.

References

LP: 121780