Bug 529175 (CVE-2009-2911)
Summary: | CVE-2009-2911 SystemTap 1.0: Multiple denial of service flaws once --unprivileged mode is activated
---|---
Product: | [Other] Security Response
Reporter: | Jan Lieskovsky <jlieskov>
Component: | vulnerability
Assignee: | Red Hat Product Security <security-response-team>
Status: | CLOSED ERRATA
Severity: | low
Priority: | low
Version: | unspecified
CC: | fche, jistone, mjw, security-response-team
Keywords: | Security
Hardware: | All
OS: | Linux
URL: | http://sources.redhat.com/bugzilla/show_bug.cgi?id=10750
Doc Type: | Bug Fix
Last Closed: | 2009-10-27 09:26:54 UTC

Description
Jan Lieskovsky
2009-10-15 10:30:15 UTC
Created attachment 365293 [details]
Limit printf arguments
This patch for SystemTap enforces a limit on the number of arguments in a print call, and also forces a tighter -Wframe-larger-than constraint than the default kernel build. This addresses all issues in sourceware #10750.
http://sourceware.org/bugzilla/show_bug.cgi?id=10750
Created attachment 365294 [details]
Limit DWARF expression stack size
This patch for SystemTap enforces a limit on how deep a stack can be used in the DWARF expressions that read probe variables. It is a combination of upstream commit 85dfc5c8 which started reporting the stack size, and a new check to put an upper bound on that.
Created attachment 365413 [details]
Unwind table size checks patch
This patch adds a limit on the maximum size of the unwind tables we load; this limits the amount of processing we do (scanning through the CIEs for an address in a module for which we want to backtrace). There are checks added for making sure the CIEs we find are actually inside the unwind table we are processing, and checks to make sure we only scan data until an end that falls within the same table. Finally, there is a limit on the number of call frame instructions we process (hardcoded at 512 atm).
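The four checks listed in the comment above (table size cap, CIE inside the table, entry end inside the table, instruction cap), as an added example that is not SystemTap's own code. It assumes a simplified entry layout with one-byte instructions; `MAX_TABLE_SIZE`, the error codes and all function names are hypothetical, and only the 512 limit comes from the page.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_TABLE_SIZE (1u << 20) /* assumed cap; the page gives no figure */
#define MAX_CFI        512        /* instruction limit quoted in the comment */

enum { OK = 0, E_TABLE_TOO_BIG = -1, E_ENTRY_OUT_OF_TABLE = -2,
       E_CIE_OUT_OF_TABLE = -3, E_TOO_MANY_INSNS = -4 };

/* Read a host-endian u32 only if all four bytes lie before end. */
static int get_u32(const uint8_t *p, const uint8_t *end, uint32_t *out)
{
    if (p > end || (size_t)(end - p) < 4) return -1;
    memcpy(out, p, 4);
    return 0;
}

/* Simplified layout: [u32 len][u32 cie_off][len-4 one-byte instructions].
 * cie_off == 0xffffffff marks a CIE; otherwise it is an offset into table. */
int check_table(const uint8_t *table, size_t size)
{
    const uint8_t *p = table, *end = table + size;
    uint32_t len, cie_off, cie_len;

    if (size > MAX_TABLE_SIZE) return E_TABLE_TOO_BIG;
    while (p < end) {
        if (get_u32(p, end, &len) || len < 4 || len > (size_t)(end - p - 4))
            return E_ENTRY_OUT_OF_TABLE;   /* entry must end inside the table */
        (void)get_u32(p + 4, end, &cie_off); /* in range: len >= 4 was checked */
        if (cie_off != 0xffffffffu &&      /* FDE: its CIE must be in the table */
            (cie_off > size || get_u32(table + cie_off, end, &cie_len)))
            return E_CIE_OUT_OF_TABLE;
        if (len - 4 > MAX_CFI)
            return E_TOO_MANY_INSNS;       /* bound the work done per entry */
        p += 4 + (size_t)len;
    }
    return OK;
}

/* Constructed sample: a CIE with 2 instructions, then an FDE naming
 * fde_cie_off; `trim` bytes are cut off to simulate a truncated table. */
int check_sample(uint32_t fde_cie_off, size_t trim)
{
    uint8_t buf[19] = {0};
    uint32_t cie[2] = { 6, 0xffffffffu }, fde[2] = { 5, fde_cie_off };
    memcpy(buf, cie, 8);
    memcpy(buf + 10, fde, 8);
    return check_table(buf, sizeof buf - trim);
}
```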
systemtap-1.0-2.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/systemtap-1.0-2.fc11
systemtap-1.0-2.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/systemtap-1.0-2.fc10
systemtap-1.0-2.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/systemtap-1.0-2.fc12
systemtap-1.0-2.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
systemtap-1.0-2.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.