USN-476-1: redhat-cluster-suite vulnerability

22 June 2007

redhat-cluster-suite vulnerability



Fabio Massimo Di Nitto discovered that cman did not correctly validate
the size of client messages. A local user could send a specially crafted
message and execute arbitrary code with cluster manager privileges or
crash the manager, leading to a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 7.04
  • cman - 2.20070315-0ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.