Ubuntu Security Notice USN-476-1
22nd June, 2007
redhat-cluster-suite vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 7.04
Details
Fabio Massimo Di Nitto discovered that cman did not correctly validate
the size of client messages. A local user could send a specially crafted
message and execute arbitrary code with cluster manager privileges or
crash the manager, leading to a denial of service.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 7.04:
- cman 2.20070315-0ubuntu2.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system upgrade is sufficient to effect the
necessary changes.