sysstat-11.7.3-9.el8

Errata ID: AXSA:2023-5718:02

Release date: 
Thursday, June 1, 2023 - 01:48
Subject: 
sysstat-11.7.3-9.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The sysstat packages provide the sar and iostat commands. These commands enable system monitoring of disk, network, and other I/O activity.

Security Fix(es):

* sysstat: arithmetic overflow in allocate_structures() on 32 bit systems (CVE-2022-39377)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.8 Release Notes linked from the References section.

CVE-2022-39377
sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1.
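
The class of bug described above, as an added example that is not sysstat's own code: an unchecked size multiplication beside a checked one. The names size32_t, unchecked_size, checked_size and alloc_records are hypothetical, the record size and count are constructed, and uint32_t stands in for size_t on a 32-bit system so the wrap reproduces on a 64-bit host.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for size_t on a 32-bit system, so the wrap reproduces on any host. */
typedef uint32_t size32_t;

/* Unchecked form: the product is reduced modulo 2^32 without any error. */
static size32_t unchecked_size(size32_t item_size, size32_t nr_items)
{
    return item_size * nr_items;
}

/* Checked form: refuse factor pairs whose product does not fit in 32 bits. */
static bool checked_size(size32_t item_size, size32_t nr_items, size32_t *out)
{
    if (item_size != 0 && nr_items > UINT32_MAX / item_size)
        return false;
    *out = item_size * nr_items;
    return true;
}

/* Allocate a zeroed record buffer, or return NULL when the size would wrap. */
static void *alloc_records(size32_t item_size, size32_t nr_items)
{
    size32_t total;

    if (!checked_size(item_size, nr_items, &total) || total == 0)
        return NULL;
    return calloc(1, total);
}

int main(void)
{
    /* Constructed values: 24-byte records, count taken from untrusted input. */
    size32_t item_size = 24, nr_items = 178956971u;
    size32_t total;

    printf("unchecked: %u bytes for %u records\n",
           (unsigned)unchecked_size(item_size, nr_items), (unsigned)nr_items);
    if (!checked_size(item_size, nr_items, &total))
        printf("checked: rejected, product exceeds 32 bits\n");

    void *buf = alloc_records(item_size, 100);
    printf("checked: 100 records %s\n", buf ? "allocated" : "refused");
    free(buf);
    return 0;
}
```

With the unchecked form the buffer is sized from the wrapped product while later code still works with the original record count, which is the mismatch the checked form removes.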

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. sysstat-11.7.3-9.el8.src.rpm
    MD5: 13c8ad00b334017f61ad4cf8d69a0e50
    SHA-256: 6375960012776f0f56d3dd2abf979a02711448fcd5f6e51491a38378ee92586b
    Size: 565.54 kB

Asianux Server 8 for x86_64
  1. sysstat-11.7.3-9.el8.x86_64.rpm
    MD5: 4e0eb047191b0fca0d1326a38a8fc601
    SHA-256: ad310b5a30d310a70076727a51be70ae23372c5b7a807f8d14995708abc7121b
    Size: 425.16 kB