procps-ng-3.3.10-17.el7.2

Errata ID: AXSA:2018-3119:02

Release date: Thursday, May 24, 2018 - 00:56
Subject: procps-ng-3.3.10-17.el7.2
Affected Channels: Asianux Server 7 for x86_64
Severity: High
Description: 

The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx.

Security Fix(es):

* procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124)

* procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Asianux would like to thank Qualys Research Labs for reporting these issues.

CVE-2018-1124
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to heap corruption in the file2strvec function. This allows privilege escalation by a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.
CVE-2018-1126
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.
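
The two bug classes named above (a size passed through a too-narrow integer type, and size arithmetic that wraps) are shown next to an overflow-checked size calculation. This is an added illustration, not procps-ng code: all function names are hypothetical, and the 32-bit narrow type and the sample values are assumptions chosen to make the effect visible.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical allocator front end whose size parameter is only 32 bits
 * wide. Returns the byte count it would pass on to malloc(). */
static uint32_t narrow_alloc_request(uint32_t size)
{
    return size;
}

/* Weak: a 64-bit length is converted to 32 bits at the call (the cast is
 * what the compiler otherwise does silently), so the caller believes it
 * owns `wanted` bytes while the buffer is far smaller. */
uint32_t weak_request(uint64_t wanted)
{
    return narrow_alloc_request((uint32_t)wanted);
}

/* Weak: size arithmetic carried out in 32 bits wraps modulo 2^32. */
uint32_t weak_vector_size(uint32_t count, uint32_t elem, uint32_t extra)
{
    return count * elem + extra;
}

/* Hardened: compute count * elem + extra in size_t and refuse on overflow.
 * Returns 0 and stores the result in *total, or -1 if it does not fit. */
int checked_vector_size(size_t count, size_t elem, size_t extra, size_t *total)
{
    if (elem != 0 && count > (SIZE_MAX - extra) / elem)
        return -1;
    *total = count * elem + extra;
    return 0;
}

int main(void)
{
    size_t total = 0;

    /* Constructed sample values, not taken from the advisory. */
    printf("truncated request: %u bytes\n",
           (unsigned)weak_request(0x100000040ULL));
    printf("wrapped size:      %u bytes\n",
           (unsigned)weak_vector_size(0x20000000u, 8, 16));
    printf("checked (huge):    %d\n",
           checked_vector_size(SIZE_MAX / 8 + 1, 8, 16, &total));
    if (checked_vector_size(4, 8, 16, &total) == 0)
        printf("checked (small):   %zu bytes\n", total);
    return 0;
}
```

In both weak cases the allocation ends up much smaller than the data later copied into it, which is how an arithmetic error becomes heap corruption.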

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. procps-ng-3.3.10-17.el7.2.src.rpm
    MD5: a69359f1174561cb856f8b7a65f5ca31
    SHA-256: 46a1cd92b0d7bc2f2110ba3735fd17da1bac26d887b17ad75753307ec9b39acf
    Size: 833.86 kB

Asianux Server 7 for x86_64
  1. procps-ng-3.3.10-17.el7.2.x86_64.rpm
    MD5: 1bf7e8d3457ea2863417890b3fe860b4
    SHA-256: 233f36004a2ca399daf355227bafc7c5480f47887fbd5004cb12bea548ea7867
    Size: 289.14 kB
  2. procps-ng-3.3.10-17.el7.2.i686.rpm
    MD5: 2401d72f733e47f21981df3c5895bbb9
    SHA-256: 8ce07d968a40b00dcd48fe976a5ba54448484257a7907579ba3cfbb0e07ed022
    Size: 283.57 kB