Ubuntu Security Notice 1166-1 - Stephane Chauveau discovered that OProfile did not properly perform input validation when processing arguments to opcontrol. A local user who is allowed to run opcontrol with privileges could exploit this to run arbitrary commands as the privileged user. Stephane Chauveau discovered a directory traversal vulnerability in OProfile when processing the --save argument to opcontrol. A local user could exploit this to overwrite arbitrary files with the privileges of the user invoking the program. Various other issues were also addressed.
e4e70cdf618bdeae8b00d6da6a22649d39c9176779b6d7252363d61fdc7c3d1c