It was discovered that libcgroup did not properly check
the origin of Netlink messages. A local attacker could
use this flaw to send crafted Netlink messages to the
cgrulesengd daemon, causing it to put processes into one
or more existing control groups, based on the attacker's
choosing, possibly allowing the particular tasks to run
with more resources (memory, CPU, etc.) than originally
This issue affects the version of the libcgroup package, as shipped
with Red Hat Enterprise Linux 6.
This issue affects the versions of the libcgroup package, as shipped
with Fedora release of 13 and 14.
Please schedule an update.
Created libcgroup tracking bugs for this issue
Affects: fedora-all [bug 680412]
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2011:0320 https://rhn.redhat.com/errata/RHSA-2011-0320.html