DSA-2193-1 libcgroup -- severalID: oval:org.secpod.oval:def:600212 | Date: (C)2011-03-21 (M)2023-11-09 |
Class: PATCH | Family: unix |
Several issues have been discovered in libcgroup, a library to control and monitor control groups: CVE-2011-1006 Heap-based buffer overflow by converting list of controllers for given task into an array of strings could lead to privilege escalation by a local attacker. CVE-2011-1022 libcgroup did not properly check the origin of Netlink messages, allowing a local attacker to send crafted Netlink messages which could lead to privilege escalation. The oldstable distribution does not contain libgroup packages.