procps-ng-3.3.10-26.el7

エラータID: AXSA:2019-4112:01

Release date: 
Monday, August 19, 2019 - 20:10
Subject: 
procps-ng-3.3.10-26.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx.

Security Fix(es):

* procps-ng, procps: Local privilege escalation in top (CVE-2018-1122)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2018-1122
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.

Solution: 

Update packages.

CVEs: 
CVE-2018-1122
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.
Additional Info: 

N/A

Download: 

SRPMS
  1. procps-ng-3.3.10-26.el7.src.rpm
    MD5: 41fbc8021ada729c3b00818edf29c36e
    SHA-256: 44912002ecca9f33135f1d6c9164bfdf089b89517b18aa82540f7c642a6393db
    Size: 840.79 kB

Asianux Server 7 for x86_64
  1. procps-ng-3.3.10-26.el7.x86_64.rpm
    MD5: 7917733a7755af566af49b5fc490d78a
    SHA-256: 981d54ca758111835878bff7643c6958c0d378aafc3ee3fd0a9c882c11010ebf
    Size: 289.84 kB
  2. procps-ng-3.3.10-26.el7.i686.rpm
    MD5: 03ce61e35fd50bf045d652e2dba94974
    SHA-256: 6a8efc12de4495efa9014107e3c355590d083459e503ba46647f9744491ef1bd
    Size: 284.91 kB