=========================================================== Ubuntu Security Notice USN-476-1 June 22, 2007 redhat-cluster-suite vulnerability CVE-2007-3374 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.04: cman 2.20070315-0ubuntu2.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Fabio Massimo Di Nitto discovered that cman did not correctly validate the size of client messages. A local user could send a specially crafted message and execute arbitrary code with cluster manager privileges or crash the manager, leading to a denial of service.